Lucene search

[email protected]NVD:CVE-2021-22512

HistoryApr 08, 2021 - 10:15 p.m.

CVE-2021-22512

2021-04-0822:15:13

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-22512

jenkins

micro focus application automation tools plugin

csrf

form validation

permission checks

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.

Affected configurations

Nvd

Node

microfocusapplication_automation_toolsRange≤6.7jenkins

VendorProductVersionCPE
microfocusapplication_automation_tools*cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
microfocus	application_automation_tools	*	cpe:2.3:a:microfocus:application_automation_tools::::::jenkins::*

References

www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.6%

JSON

Related for NVD:CVE-2021-22512

osv1 prion1 github1 cve1 cvelist1 nessus2