Описание
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2021:0637 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | conmon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | jenkins | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | machine-config-daemon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-ansible | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-clients | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | runc | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2021:0423 | 17.02.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...
Stored XSS vulnerability in Jenkins button labels
EPSS
5.4 Medium
CVSS3