CVE-2021-21699
Published 2021-11-12
Medium 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipython | ipython | >= 0 < 5.11 | 5.11 |
| ipython | ipython | >= 6.0.0 < 7.16.3 | 7.16.3 |
| ipython | ipython | >= 7.17.0 < 7.31.1 | 7.31.1 |
| ipython | ipython | >= 8.0.0 < 8.0.1 | 8.0.1 |
| jenkins | active_choices | <= 2.5.6 | — |
| jenkins | active_choices_plugin | — | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | performance_plugin | — | — |
| jenkins | scriptler_plugin | — | — |
| jenkins_project | jenkins_active_choices_plugin | unspecified – 2.5.6 | — |