PT-2021-14674 · Jenkins · Jenkins Cloud Statistics Plugin

Daniel Beck

Published: 2021-03-30
Updated: 2023-10-25

CVE-2021-21631

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins Cloud Statistics Plugin versions 0.26 and earlier

Description

The issue is a missing permission check in an HTTP endpoint of the plugin. An attacker with Overall/Read permission who knows (or guesses) the random activity IDs can retrieve the provisioning exception error messages associated with those activities. Because any user holding Overall/Read can reach the endpoint, the error messages, which may contain sensitive information, are exposed beyond the administrators they were intended for.

Recommendations

For Jenkins Cloud Statistics Plugin versions 0.26 and earlier, update to version 0.27 or later. Version 0.27 requires Overall/Administer permission to access provisioning exception error messages, which mitigates the issue.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2021-21631
GHSA-XV69-6RF3-W5G2

Affected Products

Jenkins
Jenkins Cloud Statistics Plugin