Main Vulnerability Database Vulnerabilities #VU51596

#VU51596 Permissions, Privileges, and Access Controls in Role-based Authorization Strategy - CVE-2021-21624

Published: March 22, 2021

Vulnerability identifier: #VU51596

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-21624

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Role-based Authorization Strategy

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the affected plugin does not correctly perform permission checks to determine whether an item should be accessible. A remote authenticated attacker can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2021/03/18/5
https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2182