PT-2021-14659 · Jenkins · Jenkins Active Choices Plugin+1

Wadeck Follonier

Published

2021-02-24

Updated

2023-11-03

CVE-2021-21616

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Active Choices Plugin versions 2.5.2 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability due to the failure to escape reference parameter values. This vulnerability is exploitable by attackers with Job/Configure permission.

Recommendations For Jenkins Active Choices Plugin versions 2.5.2 and earlier, update to version 2.5.3 or later, which escapes reference parameter values, to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-21616

GHSA-4F6X-G5VH-8JM5

Affected Products

Jenkins

Jenkins Active Choices Plugin

PT-2021-14659 · Jenkins · Jenkins Active Choices Plugin+1

CVE-2021-21616

Weakness Enumeration

Related Identifiers

Affected Products

References · 11