cvelistv5 - CVE-2021-22513

CVE-2021-22513 (GCVE-0-2021-22513)

Vulnerability from cvelistv5 – Published: 2021-04-08 21:16 – Updated: 2024-08-03 18:44

Summary

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.

Severity ?

No CVSS data available.

CWE

CWE-862 - Missing Authorization

Assigner

microfocus

References

URL

Tags

https://www.jenkins.io/security/advisory/2021-04-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Micro Focus Application Automation Tools Plugin - Jenkins plugin.	Affected: 6.7 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:14.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Micro Focus Application Automation Tools Plugin - Jenkins plugin.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.7 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T21:16:58",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2021-22513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Micro Focus Application Automation Tools Plugin - Jenkins plugin.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.7 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132",
              "refsource": "MISC",
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2021-22513",
    "datePublished": "2021-04-08T21:16:58",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:44:14.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*\", \"versionEndIncluding\": \"6.7\", \"matchCriteriaId\": \"C56414EA-2516-44ED-ADAD-4D2368189712\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.\"}, {\"lang\": \"es\", \"value\": \"Una falta de una vulnerabilidad de autorizaci\\u00f3n en el plugin de Micro Focus Application Automation Tools Plugin - Jenkins.\u0026#xa0;La vulnerabilidad afecta a versi\\u00f3n 6.7 y versiones anteriores.\u0026#xa0;La vulnerabilidad podr\\u00eda permitir el acceso sin comprobaci\\u00f3n de permisos\"}]",
      "id": "CVE-2021-22513",
      "lastModified": "2024-11-21T05:50:15.480",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-08T22:15:13.603",
      "references": "[{\"url\": \"https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22513\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2021-04-08T22:15:13.603\",\"lastModified\":\"2024-11-21T05:50:15.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.\"},{\"lang\":\"es\",\"value\":\"Una falta de una vulnerabilidad de autorizaci\u00f3n en el plugin de Micro Focus Application Automation Tools Plugin - Jenkins.\u0026#xa0;La vulnerabilidad afecta a versi\u00f3n 6.7 y versiones anteriores.\u0026#xa0;La vulnerabilidad podr\u00eda permitir el acceso sin comprobaci\u00f3n de permisos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"6.7\",\"matchCriteriaId\":\"C56414EA-2516-44ED-ADAD-4D2368189712\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-7QP2-RGXR-29Q4

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-12-13 19:14

Summary

Missing permission checks in Micro Focus Application Automation Tools Plugin

Details

Micro Focus Application Automation Tools Plugin 6.7 and earlier does not perform permission checks in methods implementing form validation.

This allows attackers with Overall/Read permission to connect to attacker-specified URLs using attacker-specified username and password.

Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Micro Focus Application Automation Tools Plugin 6.8 requires POST requests and Overall/Administer permission for the affected form validation methods.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.7"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:hp-application-automation-tools-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.2.3-beta"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:14:11Z",
    "nvd_published_at": "2021-04-08T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Micro Focus Application Automation Tools Plugin 6.7 and earlier does not perform permission checks in methods implementing form validation.\n\nThis allows attackers with Overall/Read permission to connect to attacker-specified URLs using attacker-specified username and password.\n\nAdditionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.\n\nMicro Focus Application Automation Tools Plugin 6.8 requires POST requests and Overall/Administer permission for the affected form validation methods.",
  "id": "GHSA-7qp2-rgxr-29q4",
  "modified": "2022-12-13T19:14:11Z",
  "published": "2022-05-24T17:46:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/hpe-application-automation-tools-plugin/commit/497a143d9a95e9c937501ca329fe0dae22a0d9cd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/hpe-application-automation-tools-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing permission checks in Micro Focus Application Automation Tools Plugin"
}

GSD-2021-22513

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22513

Aliases

CVE-2021-22513

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22513",
    "description": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.",
    "id": "GSD-2021-22513"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22513"
      ],
      "details": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.",
      "id": "GSD-2021-22513",
      "modified": "2023-12-13T01:23:24.124741Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2021-22513",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Micro Focus Application Automation Tools Plugin - Jenkins plugin.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "6.7 and earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-862: Missing Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132",
            "refsource": "MISC",
            "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,6.7]",
          "affected_versions": "All versions up to 6.7",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-862",
            "CWE-937"
          ],
          "date": "2022-12-21",
          "description": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.",
          "fixed_versions": [
            "6.8"
          ],
          "identifier": "CVE-2021-22513",
          "identifiers": [
            "GHSA-7qp2-rgxr-29q4",
            "CVE-2021-22513"
          ],
          "not_impacted": "All versions after 6.7",
          "package_slug": "maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 6.8 or above.",
          "title": "Missing Authorization",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-22513",
            "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132",
            "https://github.com/advisories/GHSA-7qp2-rgxr-29q4"
          ],
          "uuid": "d3b6c051-3a30-41df-abb4-9187e7ceec0c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2021-22513"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-04-14T20:04Z",
      "publishedDate": "2021-04-08T22:15Z"
    }
  }
}

CNVD-2021-29435

Vulnerability from cnvd - Published: 2021-04-19

Title

CloudBees Micro Focus Application Automation Tools插件权限检查不当漏洞

Description

CloudBees Jenkins（Hudson Labs）是美国CloudBees公司的一套基于Java开发的持续集成工具。该产品主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。 Micro Focus Application Automation Tools Plugin 6.7及之前版本存在权限检查不当漏洞。该漏洞源于程序未在实现表单验证的方法中执行权限检查。具备“Overall/Read”权限的攻击者可利用该漏洞通过使用攻击者指定的用户名和密码连接到攻击者指定的URL。

Severity

中

Patch Name

CloudBees Micro Focus Application Automation Tools插件权限检查不当漏洞的补丁

Patch Description

Formal description

厂商已发布相关漏洞补丁链接，请关注厂商主页及时更新： https://www.jenkins.io/security/advisory/2021-04-07/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22513

Impacted products

Name
CloudBees Micro Focus Application Automation Tools Plugin <=6.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22513",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22513"
    }
  },
  "description": "CloudBees Jenkins\uff08Hudson Labs\uff09\u662f\u7f8e\u56fdCloudBees\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002\n\nMicro Focus Application Automation Tools Plugin 6.7\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6743\u9650\u68c0\u67e5\u4e0d\u5f53\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5728\u5b9e\u73b0\u8868\u5355\u9a8c\u8bc1\u7684\u65b9\u6cd5\u4e2d\u6267\u884c\u6743\u9650\u68c0\u67e5\u3002\u5177\u5907\u201cOverall/Read\u201d\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4f7f\u7528\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fde\u63a5\u5230\u653b\u51fb\u8005\u6307\u5b9a\u7684URL\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.jenkins.io/security/advisory/2021-04-07/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-29435",
  "openTime": "2021-04-19",
  "patchDescription": "CloudBees Jenkins\uff08Hudson Labs\uff09\u662f\u7f8e\u56fdCloudBees\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002\r\n\r\nMicro Focus Application Automation Tools Plugin 6.7\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6743\u9650\u68c0\u67e5\u4e0d\u5f53\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5728\u5b9e\u73b0\u8868\u5355\u9a8c\u8bc1\u7684\u65b9\u6cd5\u4e2d\u6267\u884c\u6743\u9650\u68c0\u67e5\u3002\u5177\u5907\u201cOverall/Read\u201d\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4f7f\u7528\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fde\u63a5\u5230\u653b\u51fb\u8005\u6307\u5b9a\u7684URL\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "CloudBees Micro Focus Application Automation Tools\u63d2\u4ef6\u6743\u9650\u68c0\u67e5\u4e0d\u5f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "CloudBees Micro Focus Application Automation Tools Plugin \u003c=6.7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22513",
  "serverity": "\u4e2d",
  "submitTime": "2021-04-08",
  "title": "CloudBees Micro Focus Application Automation Tools\u63d2\u4ef6\u6743\u9650\u68c0\u67e5\u4e0d\u5f53\u6f0f\u6d1e"
}

FKIE_CVE-2021-22513

Vulnerability from fkie_nvd - Published: 2021-04-08 22:15 - Updated: 2024-11-21 05:50

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security@opentext.com	https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132
	af854a3a-2127-422b-91ae-364da2661108	https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132

Impacted products

	Vendor	Product	Version
	microfocus	application_automation_tools	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C56414EA-2516-44ED-ADAD-4D2368189712",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."
    },
    {
      "lang": "es",
      "value": "Una falta de una vulnerabilidad de autorizaci\u00f3n en el plugin de Micro Focus Application Automation Tools Plugin - Jenkins.\u0026#xa0;La vulnerabilidad afecta a versi\u00f3n 6.7 y versiones anteriores.\u0026#xa0;La vulnerabilidad podr\u00eda permitir el acceso sin comprobaci\u00f3n de permisos"
    }
  ],
  "id": "CVE-2021-22513",
  "lastModified": "2024-11-21T05:50:15.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T22:15:13.603",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22513 (GCVE-0-2021-22513)

GHSA-7QP2-RGXR-29Q4

GSD-2021-22513

CNVD-2021-29435

FKIE_CVE-2021-22513

Tags

Sightings

Nomenclature