Cross-Site Request Forgery in Jenkins Claim Plugin by Jenkins
CVE-2021-21620

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Claim Plugin
Vendor: CVE Published:; 24 February 2021

What is CVE-2021-21620?

A cross-site request forgery (CSRF) vulnerability in the Jenkins Claim Plugin, specifically in versions 2.18.1 and earlier, allows attackers to manipulate claims. This could enable unauthorized actions to be executed on behalf of a legitimate user without their consent, increasing the risk of compromise. Maintaining awareness of security vulnerabilities like this is crucial for protecting web applications.

Affected Version(s)

Jenkins Claim Plugin <= 2.18.1

References

https://www.jenkins.io/security/advisory/2021-02-24/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2021
Vulnerability Reserved
Jan 4, 2021