CSRF Vulnerability in Jenkins Promote Builds Plugin by Jenkins
CVE-2021-21641

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Promoted Builds Plugin
Vendor: CVE Published:; 7 April 2021

What is CVE-2021-21641?

A cross-site request forgery (CSRF) vulnerability exists in the Promoted Builds Plugin for Jenkins, allowing malicious actors to promote builds without authorization. This could lead to unauthorized code execution or modifications in the build process, posing significant security risks to users relying on Jenkins for continuous integration and delivery. It is crucial for users to stay updated on plugin versions and apply security patches to mitigate potential threats.

Affected Version(s)

Jenkins promoted builds Plugin <= 3.9

Jenkins promoted builds Plugin 3.5.1

References

https://www.jenkins.io/security/advisory/2021-04-07/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2021/04/07/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2021
Vulnerability Reserved
Jan 4, 2021