4.3
CVSSv2

CVE-2021-21610

Published: 13/01/2021 Updated: 02/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins jenkins

Vendor Advisories

Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc displayed in Jenkins When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered Jenkins 2274 and earlier, LTS 22631 and earlier does not implement any restrictions f ...