CVE-2021-21619

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21619

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21619.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21619

Aliases

GHSA-48hr-jg4p-w4p4

Published

2021-02-24T16:15:14Z

Modified

2024-09-03T03:40:35.532132Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.

References

Affected packages

Git / github.com/jenkinsci/claim-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/claim-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b1f6b6851ec2ed87862957f9228217745e8c66f8

Affected versions

claim-2.*

claim-2.0

claim-2.1

claim-2.10

claim-2.11

claim-2.12

claim-2.13

claim-2.13.1

claim-2.14

claim-2.14.1

claim-2.15

claim-2.16

claim-2.17

claim-2.18

claim-2.18.1

claim-2.2

claim-2.3

claim-2.4

claim-2.5

claim-2.6

claim-2.7

claim-2.8

claim-2.9