Cross-Site Request Forgery Vulnerability in Micro Focus Application Automation Tools Plugin for Jenkins
CVE-2021-22512

6.5 MEDIUM

What is CVE-2021-22512?

The vulnerability exists in the Micro Focus Application Automation Tools Plugin for Jenkins, allowing unauthorized actions due to insufficient validation of form submissions. This flaw enables attackers to exploit the plugin, thereby bypassing permission checks, which could lead to unauthorized operations being performed on behalf of authenticated users. It is crucial for users of version 6.7 and earlier to review their security posture and apply necessary mitigations as detailed in the official Jenkins security advisory.

Affected Version(s)

Micro Focus Application Automation Tools Plugin - Jenkins plugin 6.7 and earlier versions

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
