Vulnerability Details CVE-2021-21619
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-21619
-
cpe:2.3:a:jenkins:claim:1.0
-
cpe:2.3:a:jenkins:claim:1.1
-
cpe:2.3:a:jenkins:claim:1.2
-
cpe:2.3:a:jenkins:claim:1.3
-
cpe:2.3:a:jenkins:claim:1.4
-
cpe:2.3:a:jenkins:claim:1.5
-
cpe:2.3:a:jenkins:claim:1.6
-
cpe:2.3:a:jenkins:claim:1.7
-
cpe:2.3:a:jenkins:claim:2.0
-
cpe:2.3:a:jenkins:claim:2.1
-
cpe:2.3:a:jenkins:claim:2.10
-
cpe:2.3:a:jenkins:claim:2.11
-
cpe:2.3:a:jenkins:claim:2.12
-
cpe:2.3:a:jenkins:claim:2.13
-
cpe:2.3:a:jenkins:claim:2.13.1
-
cpe:2.3:a:jenkins:claim:2.14
-
cpe:2.3:a:jenkins:claim:2.14.1
-
cpe:2.3:a:jenkins:claim:2.15
-
cpe:2.3:a:jenkins:claim:2.16
-
cpe:2.3:a:jenkins:claim:2.17
-
cpe:2.3:a:jenkins:claim:2.18
-
cpe:2.3:a:jenkins:claim:2.18.1
-
cpe:2.3:a:jenkins:claim:2.2
-
cpe:2.3:a:jenkins:claim:2.3
-
cpe:2.3:a:jenkins:claim:2.4
-
cpe:2.3:a:jenkins:claim:2.5
-
cpe:2.3:a:jenkins:claim:2.6
-
cpe:2.3:a:jenkins:claim:2.7
-
cpe:2.3:a:jenkins:claim:2.8
-
cpe:2.3:a:jenkins:claim:2.9