
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

References: http://www.openwall.com/lists/oss-security/2021/08/31/1 https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2469
CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.

References: http://www.openwall.com/lists/oss-security/2021/08/31/1 https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2376
CWE-502: Deserialization of Untrusted Data

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.

References: http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%282%29
CWE-862: Missing Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.

References: http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%281%29
CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

References: http://www.openwall.com/lists/oss-security/2021/06/30/1 https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-1995