PT-2021-15113 · Micro Focus · Micro Focus Application Automation Tools Plugin

Wadeck Follonier

Published

2021-04-08

Updated

2022-05-24

CVE-2021-22510

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Micro Focus Application Automation Tools Plugin versions 6.7 and earlier

Description The issue is related to a reflected cross-site scripting (XSS) vulnerability. This occurs because the plugin does not properly escape user input in a form validation response. A security hardening measure was introduced in Jenkins 2.275 and LTS 2.263.2 to prevent exploitation of this vulnerability.

Recommendations For versions 6.7 and earlier, update to version 6.8 or later, which properly escapes user input in the affected form validation response. As a temporary workaround, consider restricting access to the plugin until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-22510

GHSA-GC2R-CCFH-62V9

Affected Products

Micro Focus Application Automation Tools Plugin

PT-2021-15113 · Micro Focus · Micro Focus Application Automation Tools Plugin

CVE-2021-22510

Weakness Enumeration

Related Identifiers

Affected Products

References · 7