Vulnerability in Jenkins Project Extra Columns Plugin
CVE-2021-21630
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
EPSS: 0.724 (99.4th percentile)
Affected products
- Jenkins Project Extra Columns Plugin — versions unspecified
References
- www.jenkins.io/security/advisory/2021-03-30/ (x_refsource_CONFIRM)
- [oss-security] 20210330 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)