CVE-2021-21666

Опубликовано: 10 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

Ссылки

http://www.openwall.com/lists/oss-security/2021/06/10/14
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2367
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/14
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2367
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:kiuwan:*:*:*:*:*:jenkins:*:*

Версия до 1.6.0 (включая)

EPSS

Процентиль: 38%

0.00168

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8h77-3xwr-hqhh