CVE-2021-21667

Name of the Vulnerable Software and Affected Versions Jenkins Scriptler Plugin versions 3.2 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability. This is due to the plugin not escaping parameter names shown in job configuration forms. Attackers with Scriptler/Configure permission can exploit this issue.

Recommendations For Jenkins Scriptler Plugin versions 3.2 and earlier, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to job configuration forms for users without Scriptler/Configure permission to minimize the risk of exploitation.