QwikSec

Security Database

CVE

CWE

Training

CVE-2021-21626

Published: Mar 18, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

Vendor	Product	Versions
Jenkins project	Jenkins Warnings Next Generation Plugin	affected `unspecified - <= 8.4.4` unaffected `8.4.3.1`

References

https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2041

x_refsource_CONFIRM

[oss-security] 20210318 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2021-21626 - Security Vulnerability | QwikSec