CVE-2021-22513 - OpenCVE

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Application Automation Tools

Configuration 1 [-]

cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2021-04-08T21:16:58

Updated: 2024-08-03T18:44:14.052Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22513

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-08T22:15:13.603

Modified: 2023-11-07T03:30:16.860

Link: CVE-2021-22513

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Micro Focus Application Automation Tools Plugin - Jenkins plugin.", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.7 and earlier versions"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-08T21:16:58", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2021-22513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Micro Focus Application Automation Tools Plugin - Jenkins plugin.", "version": {"version_data": [{"version_value": "6.7 and earlier versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862: Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.052Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2021-22513", "datePublished": "2021-04-08T21:16:58", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:44:14.052Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "C56414EA-2516-44ED-ADAD-4D2368189712", "versionEndIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks."}, {"lang": "es", "value": "Una falta de una vulnerabilidad de autorizaci\u00f3n en el plugin de Micro Focus Application Automation Tools Plugin - Jenkins. La vulnerabilidad afecta a versi\u00f3n 6.7 y versiones anteriores. La vulnerabilidad podr\u00eda permitir el acceso sin comprobaci\u00f3n de permisos"}], "id": "CVE-2021-22513", "lastModified": "2023-11-07T03:30:16.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-08T22:15:13.603", "references": [{"source": "security@opentext.com", "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@opentext.com", "type": "Secondary"}]}