CVE-2021-21618: Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
jenkins	active_choices_plugin	—	—
jenkins	artifact_repository_parameter_plugin	—	—
jenkins	claim_plugin	—	—
jenkins	configuration_slicing_plugin	—	—
jenkins	ids_in_support_core_plugin	—	—
jenkins	repository_connector	<= 2.0.2	—
jenkins	repository_connector_plugin	—	—
jenkins	support_core_plugin	—	—
jenkins_project	jenkins_repository_connector_plugin	unspecified – 2.0.2	—