CVE-2021-21608

Cross-site Scripting in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2021-21608

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Cross-site Scripting

Description

Jenkins does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.

Affected Versions

All versions after 2.263.1 up to 2.274

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-18

source