CVE-2021-21665

Name of the Vulnerable Software and Affected Versions Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

Recommendations For Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier, update to version 10.0.2 or later, which requires POST requests and Overall/Administer permission for the affected form validation method. As a temporary workaround, consider restricting access to the plugin's form validation method to minimize the risk of exploitation.