CVE-2021-22513

Name of the Vulnerable Software and Affected Versions Micro Focus Application Automation Tools Plugin versions 6.7 and earlier

Description The issue is related to missing authorization in the Micro Focus Application Automation Tools Plugin, which could allow access without permission checks. This affects methods implementing form validation, enabling attackers with Overall/Read permission to connect to attacker-specified URLs using attacker-specified username and password. Additionally, the form validation methods are vulnerable to cross-site request forgery (CSRF) as they do not require POST requests.

Recommendations For versions 6.7 and earlier, consider updating to version 6.8 or later, which requires POST requests and Overall/Administer permission for the affected form validation methods, thus mitigating the issue. As a temporary workaround, consider restricting access to the form validation methods to minimize the risk of exploitation.