Vulnerability in Jenkins Project Repository Connector Plugin
CVE-2021-21618
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
EPSS: 0.822 (99.6th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Repository Connector Plugin — versions unspecified
References
- www.jenkins.io/security/advisory/2021-02-24/ (x_refsource_CONFIRM)