CVE-2021-21664
https://notcve.org/view.php?id=CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
• http://www.openwall.com/lists/oss-security/2021/06/10/14 https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982
• CWE-863: Incorrect Authorization
CVE-2021-21662
https://notcve.org/view.php?id=CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate the credentials IDs of credentials stored in Jenkins.
• http://www.openwall.com/lists/oss-security/2021/06/10/14 https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1981
CVE-2021-21661
https://notcve.org/view.php?id=CVE-2021-21661
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate the credentials IDs of credentials stored in Jenkins.
• http://www.openwall.com/lists/oss-security/2021/06/10/14 https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2370
CVE-2021-21660
https://notcve.org/view.php?id=CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.
• http://www.openwall.com/lists/oss-security/2021/05/25/3 https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2198 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-21660
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21659
https://notcve.org/view.php?id=CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
• http://www.openwall.com/lists/oss-security/2021/05/25/3 https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2341