CVE-2021-21647
maven/io.jenkins.plugins/electricflow
Missing Authorization
Jenkins CloudBees CD Plugin does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.
All versions up to 1.1.21
Unfortunately, there is no solution available yet.
2021-04-30
source |