Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-xmyr-jaue-7ker
Summary
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints.

This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.
Aliases
0
alias CVE-2021-21643
1
alias GHSA-3m3f-2323-64m7
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1
purl pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.0
purl pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-sztq-6p4h-b7ex
2
vulnerability VCID-u2dp-1t5z-z7dm
3
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.0
1
url pkg:rpm/redhat/cri-o@1.20.2-12.rhaos4.7.git9f7be76?arch=el7
purl pkg:rpm/redhat/cri-o@1.20.2-12.rhaos4.7.git9f7be76?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-dwge-3up7-yyaq
2
vulnerability VCID-sztq-6p4h-b7ex
3
vulnerability VCID-u2dp-1t5z-z7dm
4
vulnerability VCID-w9qm-pwnh-4ydj
5
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.20.2-12.rhaos4.7.git9f7be76%3Farch=el7
2
url pkg:rpm/redhat/cri-tools@1.20.0-3?arch=el7
purl pkg:rpm/redhat/cri-tools@1.20.0-3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-dwge-3up7-yyaq
2
vulnerability VCID-sztq-6p4h-b7ex
3
vulnerability VCID-u2dp-1t5z-z7dm
4
vulnerability VCID-w9qm-pwnh-4ydj
5
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-tools@1.20.0-3%3Farch=el7
3
url pkg:rpm/redhat/jenkins-2-plugins@3.11.1624366838-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1624366838-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-sztq-6p4h-b7ex
2
vulnerability VCID-u2dp-1t5z-z7dm
3
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1624366838-1%3Farch=el7
4
url pkg:rpm/redhat/jenkins-2-plugins@4.5.1623326336-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@4.5.1623326336-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-sztq-6p4h-b7ex
2
vulnerability VCID-u2dp-1t5z-z7dm
3
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.5.1623326336-1%3Farch=el7
5
url pkg:rpm/redhat/jenkins-2-plugins@4.6.1623162648-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.6.1623162648-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-sztq-6p4h-b7ex
2
vulnerability VCID-u2dp-1t5z-z7dm
3
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.6.1623162648-1%3Farch=el8
6
url pkg:rpm/redhat/jenkins-2-plugins@4.7.1621361158-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.7.1621361158-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-dwge-3up7-yyaq
2
vulnerability VCID-sztq-6p4h-b7ex
3
vulnerability VCID-u2dp-1t5z-z7dm
4
vulnerability VCID-w9qm-pwnh-4ydj
5
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.7.1621361158-1%3Farch=el8
7
url pkg:rpm/redhat/redhat-release-coreos@47.83-2?arch=el8
purl pkg:rpm/redhat/redhat-release-coreos@47.83-2?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-869x-tjbg-dkbr
1
vulnerability VCID-dwge-3up7-yyaq
2
vulnerability VCID-sztq-6p4h-b7ex
3
vulnerability VCID-u2dp-1t5z-z7dm
4
vulnerability VCID-w9qm-pwnh-4ydj
5
vulnerability VCID-xmyr-jaue-7ker
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redhat-release-coreos@47.83-2%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21643
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74626
published_at 2026-04-18T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.74619
published_at 2026-04-16T12:55:00Z
2
value 0.00832
scoring_system epss
scoring_elements 0.74581
published_at 2026-04-13T12:55:00Z
3
value 0.00832
scoring_system epss
scoring_elements 0.7459
published_at 2026-04-12T12:55:00Z
4
value 0.00832
scoring_system epss
scoring_elements 0.7461
published_at 2026-04-11T12:55:00Z
5
value 0.00832
scoring_system epss
scoring_elements 0.74586
published_at 2026-04-09T12:55:00Z
6
value 0.00832
scoring_system epss
scoring_elements 0.74571
published_at 2026-04-08T12:55:00Z
7
value 0.00832
scoring_system epss
scoring_elements 0.74539
published_at 2026-04-07T12:55:00Z
8
value 0.00832
scoring_system epss
scoring_elements 0.74564
published_at 2026-04-04T12:55:00Z
9
value 0.00832
scoring_system epss
scoring_elements 0.74533
published_at 2026-04-01T12:55:00Z
10
value 0.00832
scoring_system epss
scoring_elements 0.74538
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21643
2
reference_url https://github.com/jenkinsci/config-file-provider-plugin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin
3
reference_url https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21643
5
reference_url https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254
6
reference_url http://www.openwall.com/lists/oss-security/2021/04/21/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/21/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1952148
reference_id 1952148
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1952148
8
reference_url https://github.com/advisories/GHSA-3m3f-2323-64m7
reference_id GHSA-3m3f-2323-64m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m3f-2323-64m7
9
reference_url https://access.redhat.com/errata/RHSA-2021:2122
reference_id RHSA-2021:2122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2122
10
reference_url https://access.redhat.com/errata/RHSA-2021:2431
reference_id RHSA-2021:2431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2431
11
reference_url https://access.redhat.com/errata/RHSA-2021:2517
reference_id RHSA-2021:2517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2517
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
1
cwe_id 281
name Improper Preservation of Permissions
description The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-xmyr-jaue-7ker