ID CVE-2021-21636
Summary A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:team_foundation_server:-:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.12:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.13:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.14:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.15:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.16:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.17:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.18:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.19:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:1.20:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:1.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:3.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:3.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:3.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:3.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:3.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:3.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:3.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:3.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:3.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:3.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:4.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:4.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:4.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:4.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.121.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.121.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.126.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.126.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.133.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.133.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.139.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.139.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.142.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.142.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.157.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.157.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:team_foundation_server:5.157.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:team_foundation_server:5.157.1:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 05-04-2021 - 18:39)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 05-04-2021 - 18:39
Published 30-03-2021 - 12:16
Last modified 05-04-2021 - 18:39
Back to Top