Vulnerabilities > Jenkins > Team Foundation Server

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-21638 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Foundation Server
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2021-03-30 CVE-2021-21637 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
6.5
2021-03-30 CVE-2021-21636 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
4.3
2020-09-01 CVE-2020-2249 Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-311
3.3
3.3