CVE-2021-21611

Опубликовано: 13 янв. 2021

Источник: redhat

CVSS3: 5.4

Описание

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.

A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Fuse 7	jenkins	Not affected
Red Hat OpenShift Container Platform 3.11	jenkins	Fixed	RHSA-2021:0637	03.03.2021
Red Hat OpenShift Container Platform 4.5	conmon	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	jenkins	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	machine-config-daemon	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift-ansible	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift-clients	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	runc	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.6	jenkins	Fixed	RHSA-2021:0423	17.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1925145jenkins: Stored XSS vulnerability on new item page

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2021-21611

CVSS3: 5.4

nvd

около 5 лет назад

CVE-2021-21611

CVSS3: 5.4

debian

около 5 лет назад

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...

GHSA-mj7q-cmf3-mg7h

CVSS3: 5.4

github

больше 3 лет назад

Stored XSS vulnerability in Jenkins on new item page

5.4 Medium

CVSS3