Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2021-02-24T15:05:28
Updated: 2024-08-03T18:16:23.809Z
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-21618
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-02-24T16:15:14.897
Modified: 2023-11-02T22:00:16.503
Link: CVE-2021-21618
Redhat
No data.