PT-2021-14731 · Jenkins · Jenkins Scriptler Plugin
Guy Lederfein · Published 2021-11-12 · Updated 2023-11-22 · CVE-2021-21700
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Scriptler Plugin versions 3.3 and earlier
Description
This is a stored cross-site scripting (XSS) vulnerability. The Jenkins Scriptler Plugin does not escape the name of a script when the UI asks the user to confirm its deletion. It is exploitable by attackers who are able to create Scriptler scripts.
Recommendations
For Jenkins Scriptler Plugin versions 3.3 and earlier, update to version 3.4 or later, which escapes the name of scripts on the UI when asking to confirm their deletion.
Fix
XSS
Affected Products
Jenkins
Jenkins Scriptler Plugin