CVE-2021-21684
published 2021-10-06CVE-2021-21684: Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | git | <= 4.8.2 | — |
| jenkins | git_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins_project | jenkins_git_plugin | unspecified – 4.8.2 | — |