Vulnerability Description
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Azure Ad | >= 164.v5b48baa961d2, <= 179.vf6841393099e |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/08/31/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2470Vendor Advisory
- http://www.openwall.com/lists/oss-security/2021/08/31/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2470Vendor Advisory
FAQ
What is CVE-2021-21679?
CVE-2021-21679 is a vulnerability with a CVSS score of 8.8 (HIGH). Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
How severe is CVE-2021-21679?
CVE-2021-21679 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21679?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Azure Ad.