PT-2021-14719 · Jenkins

Matt Sicker · Published 2021-06-30 · Updated 2023-11-22 · CVE-2021-21676

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.7 and earlier

Description: The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to send test emails to an attacker-specified email address. This affects versions of the Jenkins requests-plugin Plugin prior to version 2.2.8; version 2.2.8 requires Overall/Administer permission to send test emails.

Recommendations: For Jenkins requests-plugin Plugin versions 2.2.7 and earlier, update to version 2.2.8 or later, which requires Overall/Administer permission to send test emails, mitigating the issue.
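The class of bug described above, shown as an added example in a hypothetical Jenkins plugin (this is not the requests-plugin's own code, and the class and method names are assumptions): a Stapler web method that sends a test email is reachable by any user who can reach Jenkins unless the method itself enforces a permission, so the hardened form checks Overall/Administer and accepts only POST.

```java
package example; // constructed example, not the requests-plugin source

import hudson.Extension;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import jenkins.model.JenkinsLocationConfiguration;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

/** Hypothetical global configuration with a "send test email" button. */
@Extension
public class MailTestConfiguration extends GlobalConfiguration {

    // Vulnerable pattern (the bug class behind CVE-2021-21676): Stapler
    // exposes every public doXxx method over HTTP, and nothing here checks
    // a permission, so Overall/Read is enough to mail an arbitrary address.
    public FormValidation doTestEmailUnchecked(@QueryParameter String recipient)
            throws MessagingException {
        sendTestMail(recipient);
        return FormValidation.ok("Test email sent to " + recipient);
    }

    // Hardened pattern: require Overall/Administer (what 2.2.8 requires) and
    // only accept POST so the action cannot be triggered by a crafted link.
    @RequirePOST
    public FormValidation doTestEmail(@QueryParameter String recipient) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (recipient == null || recipient.trim().isEmpty()) {
            return FormValidation.error("Recipient is required");
        }
        try {
            sendTestMail(recipient);
            return FormValidation.ok("Test email sent to " + recipient);
        } catch (MessagingException e) {
            return FormValidation.error(e, "Could not send test email");
        }
    }

    // Uses the Mailer plugin's configured SMTP session and the admin address.
    private void sendTestMail(String recipient) throws MessagingException {
        MimeMessage msg = new MimeMessage(Mailer.descriptor().createSession());
        msg.setFrom(new InternetAddress(JenkinsLocationConfiguration.get().getAdminAddress()));
        msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(recipient));
        msg.setSubject("Jenkins test email");
        msg.setText("This is a test email sent from Jenkins.");
        Transport.send(msg);
    }
}
```

The `checkPermission` call throws `AccessDeniedException` for callers without Overall/Administer before any mail is built, which is the behaviour the 2.2.8 fix restores.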

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers

CVE-2021-21676
GHSA-W3GM-VV58-WR55

Affected Products

Jenkins
Requests-Plugin