Published: 10/06/2021 Updated: 15/06/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Jenkins Kubernetes CLI Plugin 1.10.0 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins kubernetes

Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software The following releases contain fixes for security vulnerabilities: * Kiuwan Plugin 161 * Kubernetes CLI Plugin 1101 * XebiaLabs XL Deploy Plugin 1002 Summaries of the vulnerabilities are below More det ...

CSEC302-Demo-Tommy Resources: Main instructions and proof of concept wwwzerodayinitiativecom/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection Old vulnerable WordPress githubcom/WordPress/WordPress/tree/4ec018ad06825987926221d5a89ad482d0836e85 Current WordPress githubcom/WordPress/WordPress Installing WordPress and sett

CWE-862 https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2370 http://www.openwall.com/lists/oss-security/2021/06/10/14 https://nvd.nist.gov https://github.com/TommyB13/CSEC302-Demo-Tommy http://seclists.org/oss-sec/2021/q2/211

CVE-2021-21661

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect