CVE-2021-21618 org.jenkins-ci.plugins:repository-connector

Package

Manager: maven
Name: org.jenkins-ci.plugins:repository-connector
Vulnerable Version: >=0 <2.0.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00982 (percentile: 0.75913)

Details

Stored XSS vulnerability in Jenkins Repository Connector Plugin

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Repository Connector Plugin 2.0.3 escapes parameter names and descriptions when creating new parameters.

Metadata

Created: 2022-05-24T17:43:00Z
Modified: 2023-10-27T13:29:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hg2w-3c4j-jjwm/GHSA-hg2w-3c4j-jjwm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hg2w-3c4j-jjwm
Finding: F425
Auto approve: 1