Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/57943?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57943?format=api", "vulnerability_id": "VCID-xmyr-jaue-7ker", "summary": "Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs\nJenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints.\n\nThis allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.\n\nAn enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.", "aliases": [ { "alias": "CVE-2021-21643" }, { "alias": "GHSA-3m3f-2323-64m7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82129?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/143824?format=api", "purl": "pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/100580?format=api", "purl": "pkg:rpm/redhat/cri-o@1.20.2-12.rhaos4.7.git9f7be76?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-dwge-3up7-yyaq" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-w9qm-pwnh-4ydj" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.20.2-12.rhaos4.7.git9f7be76%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/100585?format=api", "purl": "pkg:rpm/redhat/cri-tools@1.20.0-3?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-dwge-3up7-yyaq" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-w9qm-pwnh-4ydj" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-tools@1.20.0-3%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/100582?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1624366838-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1624366838-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/100586?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.5.1623326336-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.5.1623326336-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/100581?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1623162648-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.6.1623162648-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/100583?format=api", "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1621361158-1?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-dwge-3up7-yyaq" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-w9qm-pwnh-4ydj" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.7.1621361158-1%3Farch=el8" }, { "url": "http://public2.vulnerablecode.io/api/packages/100584?format=api", "purl": "pkg:rpm/redhat/redhat-release-coreos@47.83-2?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-869x-tjbg-dkbr" }, { "vulnerability": "VCID-dwge-3up7-yyaq" }, { "vulnerability": "VCID-sztq-6p4h-b7ex" }, { "vulnerability": "VCID-u2dp-1t5z-z7dm" }, { "vulnerability": "VCID-w9qm-pwnh-4ydj" }, { "vulnerability": "VCID-xmyr-jaue-7ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redhat-release-coreos@47.83-2%3Farch=el8" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74758", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74619", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74626", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74617", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74652", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74658", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.7466", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74663", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74693", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74719", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74685", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74704", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74533", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74564", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74539", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.7461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.7459", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74581", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21643" }, { "reference_url": "https://github.com/jenkinsci/config-file-provider-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/config-file-provider-plugin" }, { "reference_url": "https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643" }, { "reference_url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/04/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/04/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148", "reference_id": "1952148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148" }, { "reference_url": "https://github.com/advisories/GHSA-3m3f-2323-64m7", "reference_id": "GHSA-3m3f-2323-64m7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m3f-2323-64m7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2122", "reference_id": "RHSA-2021:2122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2431", "reference_id": "RHSA-2021:2431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2517", "reference_id": "RHSA-2021:2517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2517" } ], "weaknesses": [ { "cwe_id": 863, "name": "Incorrect Authorization", "description": "The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions." }, { "cwe_id": 281, "name": "Improper Preservation of Permissions", "description": "The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmyr-jaue-7ker" }