CVE-2021-21652

Name of the Vulnerable Software and Affected Versions Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue arises because the plugin does not require POST requests for a connection test method.

Recommendations For Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier, update to version 2.4.1 or later, which requires POST requests for the affected connection test method, mitigating the CSRF vulnerability.