Vulnerabilities > Jenkins > Team Foundation Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-21637 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2021-03-30 CVE-2021-21636 Missing Authorization vulnerability in Jenkins Team Foundation Server
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3