CSRF Vulnerability in Jenkins Xray - Test Management for Jira Plugin
CVE-2021-21652
7.1HIGH
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 11 May 2021
Summary
A cross-site request forgery vulnerability in Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier can potentially allow an attacker to initiate requests on behalf of authenticated users. By leveraging this vulnerability, attackers may access a specified URL using stolen credentials, which can capture sensitive information like Jenkins credentials. This security issue raises significant concerns regarding access controls and user data protection within Jenkins environments.
Affected Version(s)
Jenkins Xray - Test Management for Jira Plugin <= 2.4.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved