Security Advisory

CVE-2021-21643

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-21 14:20:28

Last updated 2024-08-03 18:16:23

Assigner jenkins

State PUBLISHED

Description

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.

← Browse all CVEs View on cve.org ↗