PT-2021-14651 · Jenkins · Jenkins

Jesse Glick +1 · Published 2021-01-13 · Updated 2024-03-06 · CVE-2021-21608

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins versions 2.274 and earlier
Jenkins LTS versions 2.263.1 and earlier

Description

The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by attackers who have the ability to control button labels. For example, buttons with user-controlled labels, such as those in the Pipeline input step, can be used to exploit this issue.

Recommendations

For Jenkins versions 2.274 and earlier, update to version 2.275 or later to resolve the issue. For Jenkins LTS versions 2.263.1 and earlier, update to version 2.263.2 or later to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-JENKINS-2021-21608
CVE-2021-21608
GHSA-WV63-GWR9-5C55
RHSA-2021:0423
RHSA-2021:0429
RHSA-2021:0637

Affected Products

Jenkins