CVE-2021-21647

Summary

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins CloudBees CD Pluginunspecified <= 1.1.21affected
Jenkins projectJenkins CloudBees CD Plugin1.1.18.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References