CVE-2021-21616
published 2021-02-24CVE-2021-21616: Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability…
medium4.6CVSS 3.1
AVNACLPRLUIRSUCLILAN
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices | <= 2.5.2 | — |
| jenkins | active_choices_plugin | — | — |
| jenkins | artifact_repository_parameter_plugin | — | — |
| jenkins | claim_plugin | — | — |
| jenkins | configuration_slicing_plugin | — | — |
| jenkins | ids_in_support_core_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | support_core_plugin | — | — |
| jenkins_project | jenkins_active_choices_plugin | unspecified – 2.5.2 | — |