PT-2021-14646 · Jenkins · Jenkins
Jesse Glick and 2 others
Published 2021-01-13 · Updated 2024-03-06
CVE-2021-21603
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.274 and earlier
Jenkins LTS versions 2.263.1 and earlier
Description
Affected versions do not escape the contents of notification bar responses before rendering them, resulting in a cross-site scripting (XSS) vulnerability. It is exploitable by attackers who can influence the response contents that end up in the notification bar, which is typically shown after a form submission via the Apply button. The flaw is in the client-side rendering of the response, so output encoding performed by individual forms or plugins is not a substitute for the core fix: any response that reaches the bar is rendered as markup. Consistent with the vector (PR:L, UI:R), the attacker needs some level of access to influence the response and a logged-in victim who triggers the affected form submission; the injected script then runs in the victim's browser session.
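The rendering mistake described above, reduced to a minimal example. This is added illustrative code, not Jenkins source: the function and variable names, the notification types and the sample responses are all constructed for this page. It shows a notification bar that splices a server response into markup verbatim beside one that escapes the message and allowlists the style, so that the same response cannot inject a tag or an attribute.

```javascript
// Added example (not Jenkins code): a minimal notification bar that renders a
// server response after a form submission, once in the unescaped form the
// advisory describes and once in an escaped form. All names and sample data
// below are constructed for illustration.

// Escape the five characters that can change meaning inside HTML text or
// attribute values. '&' goes first so already-escaped output is not mangled.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Only these bar styles exist in this hypothetical UI; anything else falls
// back to "error", so the type field cannot be used to inject an attribute.
const NOTIFICATION_TYPES = new Set(["ok", "warning", "error"]);

// Vulnerable: message and type are spliced into markup as-is. If the response
// is attacker-influenced, script runs in the victim's browser.
function renderNotificationUnsafe(response) {
  return `<div class="notification-bar ${response.notificationType}">${response.message}</div>`;
}

// Hardened: message escaped as text, type restricted to the allowlist.
function renderNotificationSafe(response) {
  const type = NOTIFICATION_TYPES.has(response.notificationType)
    ? response.notificationType
    : "error";
  return `<div class="notification-bar ${type}">${escapeHtml(response.message)}</div>`;
}

// Parse the JSON body an Apply handler would receive. Returns null for
// malformed input instead of throwing into the page's event loop.
function parseApplyResponse(body) {
  try {
    const obj = JSON.parse(body);
    if (typeof obj.message !== "string") return null;
    return {
      message: obj.message,
      notificationType: String(obj.notificationType ?? "ok"),
    };
  } catch (e) {
    return null;
  }
}

// Constructed sample responses: one carrying an injection payload in both
// fields, one benign.
const SAMPLE_MALICIOUS_BODY = JSON.stringify({
  message: 'Saved <img src=x onerror="alert(document.cookie)">',
  notificationType: 'ok" onmouseover="alert(1)',
});
const SAMPLE_BENIGN_BODY = JSON.stringify({ message: "Saved", notificationType: "ok" });

// Does a tag or an event-handler attribute survive into the rendered bar?
function containsActiveMarkup(html) {
  const body = html.slice(html.indexOf(">") + 1); // skip the bar's own opening tag
  return /<[a-z]/i.test(body) || /\son[a-z]+="/i.test(html);
}

function demo() {
  const malicious = parseApplyResponse(SAMPLE_MALICIOUS_BODY);
  const benign = parseApplyResponse(SAMPLE_BENIGN_BODY);
  const results = {
    unsafeMalicious: renderNotificationUnsafe(malicious),
    safeMalicious: renderNotificationSafe(malicious),
    safeBenign: renderNotificationSafe(benign),
  };
  console.log("unsafe:", results.unsafeMalicious, containsActiveMarkup(results.unsafeMalicious));
  console.log("safe:  ", results.safeMalicious, containsActiveMarkup(results.safeMalicious));
  console.log("benign:", results.safeBenign);
  return results;
}

demo();
```

The same shape of defect appears wherever a client-side helper builds markup from a server string with `innerHTML` or template concatenation; setting `textContent` on the bar element (or escaping as above) is the fix, and restricting style or class values to a fixed set closes the attribute-injection variant shown in the type field.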
Recommendations
For Jenkins weekly releases 2.274 and earlier, update to version 2.275 or later.
For Jenkins LTS releases 2.263.1 and earlier, update to version 2.263.2 or later.
To confirm the running version after the upgrade, check the version shown in the Jenkins page footer or the X-Jenkins response header that Jenkins sends on its pages.
Fix
XSS
Weakness Enumeration
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related Identifiers
CVE-2021-21603
Affected Products
Jenkins