CVE-2021-21630

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Extra Columns Plugin versions 1.22 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability due to the plugin not escaping parameter values in the build parameters column. This vulnerability is exploitable by attackers with Job/Configure permission. Additionally, for a view containing such a job, the attacker needs either the build parameters column to be configured or View/Configure permission.

Recommendations For Jenkins Extra Columns Plugin versions 1.22 and earlier, update to version 1.23 or later, which escapes parameter values in the build parameters column, to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-21630

GHSA-WX66-PM7R-2Q82

Affected Products

Jenkins

Jenkins Extra Columns Plugin

CVE-2021-21630

Weakness Enumeration

Related Identifiers

Affected Products

References · 8