VYPR
Moderate severityNVD Advisory· Published Apr 21, 2021· Updated Aug 3, 2024

CVE-2021-21647

CVE-2021-21647

Description

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:electricflowMaven
< 1.1.18.11.1.18.1
org.jenkins-ci.plugins:electricflowMaven
>= 1.1.19, < 1.1.221.1.22

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1