Vulnerability in Jenkins Project Build With Parameters Plugin
CVE-2021-21628
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
EPSS: 0.819 (99.6th percentile)
Affected products
- Jenkins Project Build With Parameters Plugin — versions unspecified
References
- www.jenkins.io/security/advisory/2021-03-30/ (x_refsource_CONFIRM)
- [oss-security] 20210330 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)