CVE-2021-21679

September 8, 2021

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Summary:

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

Reference Links(if available):

  • https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2470
  • http://www.openwall.com/lists/oss-security/2021/08/31/1

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    hackerone

    HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

    April 23, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

    April 23, 2024
    CISA Logo

    CISA: CISA Releases Two Industrial Control Systems Advisories

    April 23, 2024
    cybersecurity

    Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ebir[.]com/

    April 23, 2024