CVE-2021-21641

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/13/2021 03:17:00 AM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Certain versions of Promoted Builds from Jenkins contain the following vulnerability:

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.

  • CVE-2021-21641 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: Jenkins project - Jenkins promoted builds Plugin version <= 3.9
  • Affected Vendor/Software: Jenkins project - Jenkins promoted builds Plugin version ! 3.5.1

CVSS3 Score: 4.3 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVE References

  • oss-security - Multiple vulnerabilities in Jenkins and Jenkins plugins (www.openwall.com, text/html). Link: MLIST [oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins
  • Jenkins Security Advisory 2021-04-07 (www.jenkins.io, text/html). Link: CONFIRM www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293

Related QID Numbers

  • 730045 Jenkins Multiple Security Vulnerabilities(Jenkins Security Advisory 2021-04-07)

Known Affected Configurations (CPE V2.3)

  • Type: Application; Vendor: Jenkins; Product: Promoted Builds; Version: All; Update: All; Edition: All; Language: All
  • cpe:2.3:a:jenkins:promoted_builds:*:*:*:*:*:jenkins:*:*:

Social Mentions

  • Twitter, @CVEreport (2021-04-07 13:52:23 UTC): CVE-2021-21641 : A cross-site request forgery CSRF vulnerability in Jenkins promoted builds Plugin 3.9 and earlie… twitter.com/i/web/status/1…
  • Twitter, @LinInfoSec (2021-04-07 22:28:55 UTC): Jenkins - CVE-2021-21641: openwall.com/lists/oss-secu…