Cross-Site Request Forgery Vulnerability in Micro Focus Application Automation Tools Plugin for Jenkins
CVE-2021-22512

6.5MEDIUM

Key Information:

Vendor: Microfocus
Status: Micro Focus Application Automation Tools Plugin - Jenkins Plugin
Vendor: CVE Published:; 8 April 2021

What is CVE-2021-22512?

The vulnerability exists in the Micro Focus Application Automation Tools Plugin for Jenkins, allowing unauthorized actions due to insufficient validation of form submissions. This flaw enables attackers to exploit the plugin, thereby bypassing permission checks, which could lead to unauthorized operations being performed on behalf of authenticated users. It is crucial for users of version 6.7 and earlier to review their security posture and apply necessary mitigations as detailed in the official Jenkins security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Micro Focus Application Automation Tools Plugin - Jenkins plugin 6.7 and earlier versions

References

https://www.jenkins.io/security/advisory/2021-04-07/#SECU...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Jan 5, 2021

JSON

Microfocus

What is CVE-2021-22512?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.