Access Restriction Bypass Affecting org.jenkins-ci.plugins:hp-application-automation-tools-plugin package, versions [,6.8)

Q: How to fix?

<p>Upgrade <code>org.jenkins-ci.plugins:hp-application-automation-tools-plugin</code> to version 6.8 or higher.</p>

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

EPSS 0.05% (22^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-1244517
published 9 Apr 2021
disclosed 9 Apr 2021
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 9 Apr 2021

CVE-2021-22513 Open this link in a new tab CWE-862 Open this link in a new tab

How to fix?

Upgrade org.jenkins-ci.plugins:hp-application-automation-tools-plugin to version 6.8 or higher.

Overview

org.jenkins-ci.plugins:hp-application-automation-tools-plugin is a The plugin integrates Jenkins with the following Micro Focus products - Service Virtualization, LoadRunner, LoadRunner Enterprise, Unified Functional Testing, QuickTest Professional, Service Test, Unified Functional Testing Mobile, Application Lifecycle Management and Application Lifecycle Management Octane.

Affected versions of this package are vulnerable to Access Restriction Bypass. Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.

References

Jenkins Security Advisory