How severe is CVE-2021-21644?

CVE-2021-21644 has a severity of 6.3 (medium).

What is the remedy for CVE-2021-21644 in Jenkins Config File Provider Plugin?

The remedy for CVE-2021-21644 in Jenkins Config File Provider Plugin is to update to version 3.7.1 or later.

Where can I find more information about CVE-2021-21644?

More information about CVE-2021-21644 can be found at the following references: [Jenkins Security Advisory](https://www.jenkins.io/security/advisory/2018-09-25/#SECURITY-938), [Red Hat Errata](https://access.redhat.com/errata/RHSA-2021:2122), [Red Hat CVE](https://access.redhat.com/security/cve/cve-2021-21644)

Vulnerability/
CVE-2021-21644

medium

6.3

CWE

352

21/4/2021

24/5/2022

3/8/2024

CVE-2021-21644: CSRF

Q: What is CVE-2021-21644?

CVE-2021-21644 is a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier.

Q: How does CVE-2021-21644 affect Jenkins Config File Provider Plugin?

CVE-2021-21644 allows attackers to delete configuration files corresponding to an attacker-specified ID.

First published: Wed Apr 21 2021(Updated: )

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
redhat/jenkins	<2-plugins-0:3.11.1624366838-1.el7	2-plugins-0:3.11.1624366838-1.el7
redhat/jenkins	<2-plugins-0:4.5.1623326336-1.el7	2-plugins-0:4.5.1623326336-1.el7
redhat/jenkins	<2-plugins-0:4.6.1623162648-1.el8	2-plugins-0:4.6.1623162648-1.el8
redhat/cri-o	<0:1.20.2-12.rhaos4.7.git9f7be76.el8	0:1.20.2-12.rhaos4.7.git9f7be76.el8
redhat/cri-tools	<0:1.20.0-3.el7	0:1.20.0-3.el7
redhat/jenkins	<2-plugins-0:4.7.1621361158-1.el8	2-plugins-0:4.7.1621361158-1.el8
redhat/redhat-release-coreos	<0:47.83-2.el8	0:47.83-2.el8
Jenkins Config File Provider	<=3.7.0
maven/org.jenkins-ci.plugins:config-file-provider	<=3.7.0	3.7.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-21644?
CVE-2021-21644 is a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier.
How severe is CVE-2021-21644?
CVE-2021-21644 has a severity of 6.3 (medium).
How does CVE-2021-21644 affect Jenkins Config File Provider Plugin?
CVE-2021-21644 allows attackers to delete configuration files corresponding to an attacker-specified ID.
What is the remedy for CVE-2021-21644 in Jenkins Config File Provider Plugin?
The remedy for CVE-2021-21644 in Jenkins Config File Provider Plugin is to update to version 3.7.1 or later.
Where can I find more information about CVE-2021-21644?
More information about CVE-2021-21644 can be found at the following references: [Jenkins Security Advisory](https://www.jenkins.io/security/advisory/2018-09-25/#SECURITY-938), [Red Hat Errata](https://access.redhat.com/errata/RHSA-2021:2122), [Red Hat CVE](https://access.redhat.com/security/cve/cve-2021-21644)

collector/redhat-cve
collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-998m-f2x3-jjq4
alias/CVE-2021-21644
collector/nvd-cve
collector/github-advisory
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/references
agent/severity
agent/weakness
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
package-manager/redhat
vendor/jenkins
canonical/jenkins config file provider
version/jenkins config file provider/3.7.0
package-manager/maven

CVE-2021-21644: CSRF

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2021-21644?

How severe is CVE-2021-21644?

How does CVE-2021-21644 affect Jenkins Config File Provider Plugin?

What is the remedy for CVE-2021-21644 in Jenkins Config File Provider Plugin?

Where can I find more information about CVE-2021-21644?

Company

Resources

Contact