Is CVE-2021-21699 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Active Choices Plugin

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Co…

EPSS: 0.885 (99.8th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Active Choices Plugin — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.jenkins.io/security/advisory/2021-11-12/ (x_refsource_CONFIRM)
[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-21699?: CVE-2021-21699 is a vulnerability in Jenkins Project Active Choices Plugin. Published 2021-11-12.
Is CVE-2021-21699 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.