CVE-2021-21610

Cross-site Scripting in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2021-21610

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Cross-site Scripting

Description

Jenkins does not implement any restrictions on the URL that renders a formatted preview of markup passed as a query parameter. This results in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

Affected Versions

All versions after 2.263.1 up to 2.274

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-18
