PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin

Kevin Guerroudj

·

Published

2021-05-11

·

Updated

2023-11-03

·

CVE-2021-21649

CVSS v3.1

5.4

Medium

Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Jenkins Dashboard View Plugin versions 2.15 and earlier (all releases prior to 2.16)
Description Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets when it renders the dashboard page, resulting in a stored cross-site scripting (XSS) vulnerability. An attacker with View/Configure permission can save a crafted image URL in a portlet; the payload is then executed in the browser of every user who views that dashboard, in the context of the Jenkins origin. The estimated number of potentially affected devices worldwide is not available.
Recommendations Update Jenkins Dashboard View Plugin to version 2.16 or later, which escapes URLs referenced in Image Dashboard Portlets. As a temporary workaround, restrict View/Configure permission to trusted users and review the existing Image Dashboard Portlets on every dashboard view for URLs that contain quotes, angle brackets or a scheme other than http or https.
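The following is an added example, not code from the plugin or from this advisory. It shows the mechanism the description refers to: a stored URL interpolated verbatim into an img tag lets a View/Configure user add an onerror handler, while HTML-escaping the attribute value (the class of fix shipped in 2.16) keeps the whole string inside src. It also implements the review step from the workaround as a scan of a dashboard view's config.xml. The template strings, the ImagePortlet/imageUrl element names and the sample config.xml are assumptions constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed attacker input: a user with View/Configure permission saves this
# string as an Image Dashboard Portlet URL. It closes the src attribute and
# adds an onerror handler that fires when the (non-existent) image fails to load.
MALICIOUS_URL = 'x" onerror="alert(document.domain)'


def render_unescaped(url: str) -> str:
    """Hypothetical stand-in for the pre-2.16 template: the stored URL is
    interpolated into the img tag verbatim (the advisory's root cause)."""
    return '<img src="%s" />' % url


def render_escaped(url: str) -> str:
    """Stand-in for the fixed behaviour: the value is HTML-escaped (quotes
    included) before it is placed inside the attribute."""
    return '<img src="%s" />' % html.escape(url, quote=True)


class _AttrCollector(HTMLParser):
    """Records the attributes a real HTML parser sees on the first tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        self.attrs = dict(attrs)

    handle_startendtag = handle_starttag


def parsed_attributes(fragment: str) -> dict:
    """Parse an HTML fragment the way a browser would and return the attribute
    map of its tag; an injected onerror shows up here as a separate key."""
    collector = _AttrCollector()
    collector.feed(fragment)
    collector.close()
    return collector.attrs


def classify_url(url: str):
    """Return a reason string if a portlet URL looks unsafe, else None."""
    if any(ch in url for ch in '"\'<>'):
        return "attribute-breakout characters"
    scheme = urlsplit(url).scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return "unexpected scheme: " + scheme
    return None


def audit_dashboard_config(xml_text: str) -> list:
    """Scan a Dashboard View config.xml for image portlets with unsafe URLs.
    The element names (ImagePortlet, imageUrl, url) are assumptions made for
    this example; adjust them to what your view config.xml actually contains."""
    findings = []
    root = ET.fromstring(xml_text)
    for portlet in root.iter():
        if not portlet.tag.endswith("ImagePortlet"):
            continue
        name = portlet.findtext("name", default="?")
        for field in ("imageUrl", "url"):
            url = portlet.findtext(field)
            if url is None:
                continue
            reason = classify_url(url)
            if reason:
                findings.append({"portlet": name, "url": url, "reason": reason})
    return findings


# Constructed sample config.xml for a dashboard view with one benign and two
# unsafe image portlets (element names are assumptions, see above).
SAMPLE_VIEW_XML = """<hudson.plugins.view.dashboard.Dashboard>
  <name>ops</name>
  <topPortlets>
    <hudson.plugins.view.dashboard.core.ImagePortlet>
      <name>logo</name>
      <imageUrl>https://build.example.test/static/logo.png</imageUrl>
    </hudson.plugins.view.dashboard.core.ImagePortlet>
    <hudson.plugins.view.dashboard.core.ImagePortlet>
      <name>banner</name>
      <imageUrl>x" onerror="alert(document.domain)</imageUrl>
    </hudson.plugins.view.dashboard.core.ImagePortlet>
    <hudson.plugins.view.dashboard.core.ImagePortlet>
      <name>status</name>
      <imageUrl>javascript:alert(1)</imageUrl>
    </hudson.plugins.view.dashboard.core.ImagePortlet>
  </topPortlets>
</hudson.plugins.view.dashboard.Dashboard>"""


if __name__ == "__main__":
    print("vulnerable:", parsed_attributes(render_unescaped(MALICIOUS_URL)))
    print("fixed:     ", parsed_attributes(render_escaped(MALICIOUS_URL)))
    for f in audit_dashboard_config(SAMPLE_VIEW_XML):
        print("FLAG %(portlet)s: %(url)r (%(reason)s)" % f)
```

The parser-based check is deliberate: a regex looking for ` onerror=` would also match the escaped output, because the text ` onerror=` is still present there; what matters is whether a real HTML parser sees it as a second attribute or as part of the src value. The audit only flags stored values, so it is a review aid for the interim workaround, not a substitute for updating to 2.16 or later.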

XSS

Related Identifiers

CVE-2021-21649
GHSA-JWHM-9CJM-4493

Affected Products

Jenkins
Jenkins Dashboard View Plugin