4 matches found
Jenkins Claim Plugin Cross-Site Scripting (CVE-2021-21619)
A stored cross-site scripting vulnerability exists in Jenkins Claim plugin. This vulnerability is due to insufficient validation of the displayName shown in claims...
CVE-2021-21619
creationtimestamp | type | source
---|---|---
2021-02-24 18:36:51+00:00 | seen | https://t.me/cibsecurity/24074...
CVE-2021-21619
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins...
CVE-2021-21619
CVE-2021-21619 affects Jenkins Claim Plugin (version ≤ 2.18.1). A stored XSS vulnerability arises because the plugin does not escape the user display name, allowing an attacker who can set a user’s display name (via the security realm or within Jenkins) to inject script content. The vul...