Published on: 06/10/2021 12:00:00 AM UTC
Last Modified on: 06/10/2021 06:15:00 PM UTC
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
- CVE-2021-21666 has been assigned by [email protected] to track the vulnerability
- Affected Vendor/Software: Jenkins project - Jenkins Kiuwan Plugin version <= 1.6.0
| Reference | Source |
|---|---|
| Jenkins Security Advisory 2021-06-10 | www.jenkins.io |
| oss-security - Multiple vulnerabilities in Jenkins plugins | www.openwall.com |
| MLIST [oss-security] 20210610 Multiple vulnerabilities in Jenkins plugins | |