Back to search
CVE-2021-21625
Published: Mar 18, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins CloudBees AWS Credentials Plugin | affected unspecified - <= 1.28 |
References
https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2032
x_refsource_CONFIRM
[oss-security] 20210318 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now