CVE-2021-21648

Summary

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Credentials Pluginunspecified <= 2.3.18affected
Jenkins projectJenkins Credentials Plugin2.3.0.1unaffected
Jenkins projectJenkins Credentials Plugin2.3.7.1unaffected
Jenkins projectJenkins Credentials Plugin2.3.14.1unaffected
Jenkins projectJenkins Credentials Plugin2.3.13.1unaffected
Jenkins projectJenkins Credentials Plugin2.3.15.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References