exploitDog

CVE-2021-21610

Published: 13 Jan 2021
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible because the URL that renders a formatted preview of markup passed as a query parameter applies no restrictions; it is exploitable when the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.
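As an added example (not code from this page, from Red Hat or from the Jenkins project), the Python below turns the advisory text into two practical checks: a version test for the range the advisory names (weekly 2.274 and earlier, LTS 2.263.1 and earlier, which must be compared as separate release lines because LTS 2.263.2 is numerically below 2.274 yet outside the stated LTS range), and a scan of web-server access logs for GET requests carrying markup in the query parameter of the preview URL. The endpoint path `/markupFormatter/previewDescription` and the parameter name `text` are assumptions about Jenkins that this page does not state, and the log lines are constructed for the example.

```python
"""CVE-2021-21610 triage helpers (added example; not Jenkins or Red Hat code).

1. is_affected(version): is a Jenkins core version inside the range the advisory
   names ("2.274 and earlier, LTS 2.263.1 and earlier")?  Weekly releases carry
   two numeric components (2.274), LTS releases three (2.263.1), so the two
   lines are compared separately.
2. find_preview_requests(log_lines): flag GET requests whose query parameter
   on the formatted-preview URL contains markup.  Path and parameter name are
   assumptions about the Jenkins endpoint; the advisory does not name them.
"""
import re
from urllib.parse import parse_qs, urlsplit

AFFECTED_WEEKLY_MAX = (2, 274)     # advisory: "2.274 and earlier"
AFFECTED_LTS_MAX = (2, 263, 1)     # advisory: "LTS 2.263.1 and earlier"

# ASSUMED endpoint and parameter (not stated on the page).
PREVIEW_PATH = "/markupFormatter/previewDescription"
PREVIEW_PARAM = "text"

# Markup a permissive formatter would hand to the browser as executable content.
UNSAFE_MARKUP = re.compile(
    r"<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:", re.IGNORECASE
)

# Common Log Format; the trailing referer/user-agent fields are optional here.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access log (not real traffic).
LOG_LINES = [
    '10.0.0.5 - - [14/Jan/2021:10:01:02 +0000] "GET /markupFormatter/previewDescription'
    '?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.7 - alice [14/Jan/2021:10:01:05 +0000] "POST /markupFormatter/previewDescription'
    ' HTTP/1.1" 200 88',
    '10.0.0.9 - - [14/Jan/2021:10:01:09 +0000] "GET /markupFormatter/previewDescription'
    '?text=hello+%3Cb%3Eworld%3C/b%3E HTTP/1.1" 200 40',
    '10.0.0.9 - - [14/Jan/2021:10:02:00 +0000] "GET /job/build/1/console HTTP/1.1" 200 9000',
]


def parse_version(version):
    """'2.274' -> (2, 274); '2.263.1' -> (2, 263, 1). Rejects anything else."""
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Jenkins core version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True when the version lies inside the range the advisory states."""
    v = parse_version(version)
    if len(v) == 2:                      # weekly line: two components
        return v <= AFFECTED_WEEKLY_MAX
    return v <= AFFECTED_LTS_MAX         # LTS line: three components


def find_preview_requests(log_lines):
    """Return GET requests to the preview URL, with the decoded markup and an
    'unsafe' flag. Reflected XSS rides on a link the victim follows, i.e. a GET;
    the Jenkins UI itself submits the preview form, which is not a bare link."""
    hits = []
    for line in log_lines:
        m = CLF.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if url.path != PREVIEW_PATH:
            continue
        text = parse_qs(url.query).get(PREVIEW_PARAM, [""])[0]   # percent-decoded
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "text": text,
            "unsafe": bool(UNSAFE_MARKUP.search(text)),
        })
    return hits


if __name__ == "__main__":
    for v in ("2.274", "2.275", "2.263.1", "2.263.2", "2.222.4"):
        print(v, "affected" if is_affected(v) else "outside the stated range")
    for hit in find_preview_requests(LOG_LINES):
        print(hit)
```

Only the version test is derived directly from the page; a version outside the stated range is reported as such rather than as "fixed", because the page names no fixed release. The log scan is a triage aid rather than proof of compromise: the advisory makes exploitation conditional on the configured markup formatter, and the Jenkins default formatter (Plain text, which escapes HTML) does not permit unsafe elements, so a hit matters on instances whose formatter allows them.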

Affected packages

Platform                                    Package                 Status         Advisory          Released
Red Hat Fuse 7                              jenkins                 Not affected
Red Hat OpenShift Container Platform 3.11   jenkins                 Fixed          RHSA-2021:0637    03.03.2021
Red Hat OpenShift Container Platform 4.5    conmon                  Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    jenkins                 Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    machine-config-daemon   Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    openshift               Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    openshift-ansible       Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    openshift-clients       Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.5    runc                    Fixed          RHSA-2021:0429    03.03.2021
Red Hat OpenShift Container Platform 4.6    jenkins                 Fixed          RHSA-2021:0423    17.02.2021


Additional information

Severity: Important
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, cross-site scripting)
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1925151 (jenkins: Reflected XSS vulnerability in markup formatter preview)

EPSS: 0.00327 (percentile 55%), Low
CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
nvd
about 5 years ago

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

CVSS3: 6.1
debian
about 5 years ago

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...

CVSS3: 6.1
github
more than 3 years ago

Reflected XSS vulnerability in Jenkins markup formatter preview
