Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05OGdxLTZoeGctNTJyNs4AAnOI

XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, do not escape the contents of the notification bar response (typically shown after a form submission via the Apply button).

This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents.

Jenkins 2.275, LTS 2.263.2 escapes the content shown in notification bars.

Permalink: https://github.com/advisories/GHSA-98gq-6hxg-52r6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OGdxLTZoeGctNTJyNs4AAnOI
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-98gq-6hxg-52r6, CVE-2021-21603
References: Repository: https://github.com/jenkinsci/jenkins

Affected Packages

maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.264, <= 2.274 (weekly, 2.274 and earlier); < 2.263.2 (LTS, 2.263.1 and earlier)
Fixed in: 2.275 (weekly), 2.263.2 (LTS)