GHSA-98gq-6hxg-52r6

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 5.4

Description

XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents (typically shown after form submissions via Apply button).

This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents.

Jenkins 2.275, LTS 2.263.2 escapes the content shown in notification bars.

Packages

Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: < 2.263.1
Fixed version: 2.275

Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: >= 2.263.2, <= 2.274
Fixed version: 2.275

EPSS

Percentile: 54%
0.00319
Low

CVSS3: 5.4 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
redhat
about 5 years ago

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.

CVSS3: 5.4
nvd
about 5 years ago

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.

CVSS3: 5.4
debian
about 5 years ago

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...
