CVE-2021-21611

Cross-site Scripting in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2021-21611

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Cross-site Scripting

Description

Jenkins does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.

Affected Versions

All versions after 2.263.1 up to 2.274

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-18

source