Lucene search
GoogleOSV:GHSA-998M-F2X3-JJQ4HistoryMay 24, 2022 - 5:48 p.m.
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
2022-05-2417:48:05
Google
osv.dev
10
Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID.
This is due to an incomplete fix of SECURITY-938.
Jenkins Config File Provider Plugin 3.7.1 requires POST requests for the affected HTTP endpoint.
Related
cve
cve
CVE-2021-21644
2021-04-21 15:15:08
github
github
prion
prion
Cross site request forgery (csrf)
2021-04-21 15:15:00
alpinelinux
alpinelinux
CVE-2021-21644
2021-04-21 15:15:08
cvelist
cvelist
CVE-2021-21644
2021-04-21 14:20:31
veracode
veracode
Cross-Site Request Forgery (CSRF)
2021-06-08 12:38:32
osv
osv
CVE-2021-21644
2021-04-21 15:15:08
redhatcve
redhatcve
CVE-2021-21644
2021-08-08 11:20:28
nvd
nvd
CVE-2021-21644
2021-04-21 15:15:08
nessus
nessus
Jenkins Enterprise and Operations Center < 2.249.31.0.1-2 / 2.277.3.1-2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-04-21)
2021-11-19 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)
2022-09-15 00:00:00
RHEL 7 : OpenShift Container Platform 3.11.462 (RHSA-2021:2517)
2021-07-01 00:00:00
redhat
redhat