Miggo Logo

CVE-2021-21643: Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

6.5

CVSS Score
3.1

Basic Information

EPSS Score
0.63099%
Published
5/24/2022
Updated
12/7/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.plugins:config-file-providermaven<= 3.7.03.7.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from incorrect authorization checks in credential enumeration endpoints. The commit diff shows both functions were modified to replace a simple Item.CONFIGURE check with more granular permission checks (ADMINISTER for global, EXTENDED_READ+USE_ITEM for projects). The original implementations' use of Item.CONFIGURE allowed attackers with that permission (which is broader than required) to access credential IDs. The added test cases in Security2254Test.java validate that proper permissions are now required, confirming these were the vulnerable endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *on*i* *il* Provi**r Plu*in *.*.* *n* **rli*r *o*s not *orr**tly p*r*orm p*rmission ****ks in s*v*r*l *TTP *n*points. T*is *llows *tt**k*rs wit* *lo**l Jo*/*on*i*ur* p*rmission to *num*r*t* syst*m-s*op** *r***nti*ls I*s o* *r***nti*ls stor**

Reasoning

T** vuln*r**ility st*ms *rom in*orr**t *ut*oriz*tion ****ks in *r***nti*l *num*r*tion *n*points. T** *ommit *i** s*ows *ot* *un*tions w*r* mo*i*i** to r*pl*** * simpl* It*m.*ON*I*UR* ****k wit* mor* *r*nul*r p*rmission ****ks (**MINIST*R *or *lo**l,