CVE-2021-21617

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the Jenkins Configuration Slicing Plugin allows attackers to trick authenticated users into unknowingly applying attacker-chosen slice configurations, so that Jenkins job configurations are modified without authorization, using the victim's permissions. It affects Jenkins instances with Configuration Slicing Plugin 1.51 or earlier installed.

💻 Affected Systems

Products:
  • Jenkins Configuration Slicing Plugin
Versions: 1.51 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Jenkins with the Configuration Slicing Plugin installed. The attack requires an authenticated user to be tricked into visiting a malicious page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reconfigure Jenkins jobs to execute arbitrary code, steal credentials, or disrupt CI/CD pipelines, potentially leading to supply chain compromise.

🟠 Likely Case

Attackers modify job configurations to insert malicious build steps, potentially leading to credential theft or unauthorized code execution within the Jenkins environment.

🟢 If Mitigated

With proper CSRF protections and network segmentation, the impact is limited to unauthorized configuration changes within the Jenkins instance.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well understood and easy to weaponize; this one requires social engineering to lure an authenticated user to a malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.52

Vendor Advisory: https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2003

Restart Required: Yes

Instructions:

1. Update the Jenkins Configuration Slicing Plugin to version 1.52 or later via the Jenkins Plugin Manager.
2. Restart the Jenkins service.
3. Verify the plugin version in the Installed Plugins list.

🔧 Temporary Workarounds

Enable CSRF Protection

Applies to: all

Ensure Jenkins CSRF protection is enabled globally.

Check Jenkins > Configure Global Security > Enable CSRF Protection.

Network Segmentation

Applies to: all

Restrict Jenkins access to trusted networks only.

Configure firewall rules to limit access to the Jenkins web interface.

🧯 If You Can't Patch

  • Implement strict network access controls to limit Jenkins web interface exposure
  • Educate users about CSRF risks and implement additional authentication for configuration changes

🔍 How to Verify

Check if Vulnerable:

Check the Jenkins Plugin Manager for the Configuration Slicing Plugin version. If the version is 1.51 or earlier, the instance is vulnerable.

Check Version:

Check via the Jenkins web interface: Manage Jenkins > Manage Plugins > Installed tab.

Verify Fix Applied:

Verify that the Configuration Slicing Plugin version is 1.52 or later in the Jenkins Plugin Manager.
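The version check above can be scripted against the JSON that Jenkins serves at `/pluginManager/api/json?depth=1`. This is an added example, not code from the advisory or the plugin project; the plugin short name `configurationslicing`, the sample responses and the credential handling are assumptions to confirm against your own instance.

```python
import base64
import json
import re
import urllib.request
from typing import Optional

# Short name of the Configuration Slicing Plugin in the Jenkins plugin manager
# (assumed; confirm against your instance's Installed Plugins list).
PLUGIN_SHORT_NAME = "configurationslicing"
FIXED_VERSION = "1.52"  # first fixed release per the vendor advisory


def parse_version(version: str) -> tuple:
    """Turn '1.51' or '1.52.1' into a tuple of ints so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def installed_version(plugin_manager_json: str) -> Optional[str]:
    """Extract the plugin's installed version from /pluginManager/api/json?depth=1 output."""
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == PLUGIN_SHORT_NAME:
            return plugin.get("version")
    return None  # plugin not installed


def is_vulnerable(plugin_manager_json: str) -> bool:
    """True when the slicing plugin is installed at a version below 1.52."""
    version = installed_version(plugin_manager_json)
    return version is not None and parse_version(version) < parse_version(FIXED_VERSION)


def fetch_plugin_manager_json(base_url: str, user: str, api_token: str) -> str:
    """Pull the plugin inventory from a live Jenkins with an API token (admin-level read rights needed)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/pluginManager/api/json?depth=1")
    cred = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode()


# Constructed sample responses (not captured from a real instance).
SAMPLE_VULNERABLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "4.5.2", "active": True},
    {"shortName": "configurationslicing", "version": "1.51", "active": True},
]})
SAMPLE_PATCHED = json.dumps({"plugins": [{"shortName": "configurationslicing", "version": "1.52"}]})
SAMPLE_ABSENT = json.dumps({"plugins": [{"shortName": "git", "version": "4.5.2"}]})

if __name__ == "__main__":
    for label, sample in [("vulnerable", SAMPLE_VULNERABLE), ("patched", SAMPLE_PATCHED), ("absent", SAMPLE_ABSENT)]:
        print(label, "->", "VULNERABLE" if is_vulnerable(sample) else "not vulnerable")
```

To run it against a real instance, pass `fetch_plugin_manager_json(url, user, token)` to `is_vulnerable`.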

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration changes in Jenkins logs
  • Multiple configuration update requests from same user in short timeframe

Network Indicators:

  • HTTP POST requests to /slicing/apply without proper CSRF tokens
  • Requests to Jenkins configuration endpoints whose Referer or Origin points at external domains

SIEM Query:

source="jenkins.log" AND ("configuration slicing" OR "/slicing/apply") AND status=200
