CVE-2021-21679

2021-08-3114:15:25

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CPENameOperatorVersion
azure-ad-plugineq179.vf6841393099e
azure-ad-plugineq171.v9ef20c94d336
azure-ad-plugineq164.v5b48baa961d2
azure-ad-plugineq178.v7b93892fbe4c
azure-ad-plugineq167.v34c2c5a3a030
azure-ad-plugineq173.v0a210fffb510
azure-ad-plugineq177.v80b6c1591bf9
azure-ad-plugineq168.ve6e7e368dbf6
azure-ad-plugineq174.vc2d906355813
azure-ad-plugineq175.v5513346d764a

Name	Operator	Version
azure-ad-plugin	eq	179.vf6841393099e
azure-ad-plugin	eq	171.v9ef20c94d336
azure-ad-plugin	eq	164.v5b48baa961d2
azure-ad-plugin	eq	178.v7b93892fbe4c
azure-ad-plugin	eq	167.v34c2c5a3a030
azure-ad-plugin	eq	173.v0a210fffb510
azure-ad-plugin	eq	177.v80b6c1591bf9
azure-ad-plugin	eq	168.ve6e7e368dbf6
azure-ad-plugin	eq	174.vc2d906355813
azure-ad-plugin	eq	175.v5513346d764a