Jenkins Plugin Permission Bypass and CSRF Vulnerabilities (CVE-2021-21623/21624/21625/21626/21627)

Key Vulnerability Information Jenkins Security Advisory 2021-03-18 Vulnerabilities Matrix Authorization Strategy Plugin - CVE: SECURITY-2180 / CVE-2021-21623 - Severity: Medium - Issue: Incorrect permission checks may allow accessing some items. Role-based Authorization Strategy Plugin - CVE: SECURITY-2182 / CVE-2021-21624 - Severity: Medium - Issue: Incorrect permission checks may allow accessing some items. AWS Credentials Plugin - CVE: SECURITY-2032 / CVE-2021-21625 - Severity: Medium - Issue: Missing permission checks allowing enumeration of credentials IDs. Warnings Plugin - CVE: SECURITY-2041 / CVE-2021-21626 - Severity: Medium - Issue: Missing permission checks allowing listing of workspace contents. Libvirt Agents Plugin - CVE: SECURITY-1764 / CVE-2021-21627 - Severity: Medium - Issue: CSRF vulnerability. Affected Versions Matrix Authorization Strategy Plugin: up to and including 2.6.5 Role-based Authorization Strategy Plugin: up to and including 3.1 AWS Credentials Plugin: up to and including 1.28 Warnings Plugin: up to and including 8.4.4 Libvirt Agents Plugin: up to and including 1.9.0 Fix Update to the specified versions for each affected plugin.

Goal Reached Thanks to every supporter — we hit 100%!

Jenkins Plugin Permission Bypass and CSRF Vulnerabilities (CVE-2021-21623/21624/21625/21626/21627)