CVE-2021-21647

Missing Authorization in maven/io.jenkins.plugins/electricflow

Identifiers

CVE-2021-21647

Package Slug

maven/io.jenkins.plugins/electricflow

Vulnerability

Missing Authorization

Description

Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.

Affected Versions

All versions up to 1.1.21

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-04-30

source