Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qbTRnLThydnEtdjg3as4AAoyP

Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

The permission check was partially fixed in XebiaLabs XL Deploy Plugin 7.5.9: A permission check was added, but for the wrong permission, still allowing some non-admin users to access the form validation method.

Permalink: https://github.com/advisories/GHSA-jm4g-8rvq-v87j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qbTRnLThydnEtdjg3as4AAoyP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-jm4g-8rvq-v87j, CVE-2021-21664
References:

• https://nvd.nist.gov/vuln/detail/CVE-2021-21664
• https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982
• http://www.openwall.com/lists/oss-security/2021/06/10/14
• https://github.com/jenkinsci/xldeploy-plugin/commit/79ae204d2ee6cd94badf4c24a150cee13a3bde44
• https://github.com/advisories/GHSA-jm4g-8rvq-v87j

Repository: https://github.com/jenkinsci/xldeploy-plugin
Blast Radius: 1.0

Affected Packages