Insufficient Permission Check in CloudBees CD Plugin Affects Jenkins
CVE-2021-21647
4.3MEDIUM
What is CVE-2021-21647?
The CloudBees CD Plugin for Jenkins allows attackers with only Item/Read permission to schedule builds of projects, circumventing the necessary Item/Build permission checks. This significant oversight presents a risk, as it enables unauthorized individuals to initiate project builds, potentially leading to unintended consequences in the workflow and compromising the integrity of the CI/CD pipeline.
Affected Version(s)
Jenkins CloudBees CD Plugin <= 1.1.21
Jenkins CloudBees CD Plugin 1.1.18.1