Description
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Jenkins project | Jenkins Markdown Formatter Plugin | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5842 | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. |
 Github GHSA |
GHSA-xqpp-26pp-2365 | XSS vulnerability in Jenkins Markdown Formatter Plugin |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-03T18:23:27.399Z
Reserved: 2021-01-04T00:00:00.000Z
Link: CVE-2021-21660
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-25T17:15:08.150
Modified: 2024-11-21T05:48:47.090
Link: CVE-2021-21660
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses