List: oss-security
Subject: [oss-security] Multiple vulnerabilities in Jenkins plugins
From: Daniel Beck <ml () beckweb ! net>
Date: 2021-06-16 13:32:20
Message-ID: F09E188B-8CA8-4E1F-B7E3-714E5A04ACB2 () beckweb ! net
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.
The following releases contain fixes for security vulnerabilities:
* Scriptler Plugin 3.2 and 3.3
Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:
https://www.jenkins.io/security/advisory/2021-06-16/
We provide advance notification for security updates on this mailing list:
https://groups.google.com/d/forum/jenkinsci-advisories
If you discover security vulnerabilities in Jenkins, please report them as
described here:
https://www.jenkins.io/security/#reporting-vulnerabilities
---
SECURITY-2224 / CVE-2021-21667

Scriptler Plugin 3.2 and earlier does not escape parameter names shown in
job configuration forms.

This results in a stored cross-site scripting (XSS) vulnerability
exploitable by attackers with Scriptler/Configure permission.

SECURITY-2390 / CVE-2021-21668

Scriptler Plugin 3.1 and earlier does not escape script content.

This results in a stored cross-site scripting (XSS) vulnerability
exploitable by attackers with Scriptler/Configure permission.
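Both entries above describe the same defect class: a value stored by a user with Scriptler/Configure permission (a parameter name in one case, a script body in the other) is later written into an HTML form without escaping, so markup in the stored value becomes part of the page. The example below is added here to illustrate the fix and a regression check for it; it is not code from the Scriptler plugin or from Jenkins (which are written in Java and Jelly), and the sample values, function names and the `injected_elements` checker are all constructed for this illustration.

```python
import html
import re

# Constructed sample values, not taken from the advisory: a parameter name and a
# script body of the kind a user with Scriptler/Configure permission could store.
SAMPLE_PARAM_NAME = 'target"><b>injected</b>'
SAMPLE_SCRIPT = 'println "hi"\n</textarea><b>injected</b>'


def render_field_unescaped(name, value):
    """The pattern behind a stored XSS: stored strings are interpolated straight
    into markup, so a quote and an angle bracket in the name end the attribute
    and start a new element."""
    return f'<input name="{name}" value="{value}">'


def render_field(name, value):
    """Hardened form for the attribute context: html.escape with quote=True
    turns <, >, &, " and ' into entities, so the stored value can neither close
    the attribute nor open an element."""
    return (f'<input name="{html.escape(name, quote=True)}" '
            f'value="{html.escape(value, quote=True)}">')


def render_script_body(script):
    """Hardened form for the text-content context: even inside <textarea> the
    stored script must have <, > and & escaped, otherwise a literal </textarea>
    in it closes the element and what follows is parsed as page markup."""
    return f'<textarea name="script">{html.escape(script)}</textarea>'


# Matches an HTML start or end tag; escaped entities such as &lt; do not match.
TAG_RE = re.compile(r'<\s*/?\s*[a-zA-Z][^>]*>')
TAG_NAME_RE = re.compile(r'<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)')


def injected_elements(markup, expected_tags):
    """Regression check: return the element names present in markup that the
    renderer itself does not emit. A correctly escaping renderer yields []."""
    names = {TAG_NAME_RE.match(tag).group(1).lower()
             for tag in TAG_RE.findall(markup)}
    return sorted(names - set(expected_tags))


if __name__ == "__main__":
    for label, markup, expected in (
        ("unescaped parameter name", render_field_unescaped(SAMPLE_PARAM_NAME, "x"), {"input"}),
        ("escaped parameter name", render_field(SAMPLE_PARAM_NAME, "x"), {"input"}),
        ("escaped script content", render_script_body(SAMPLE_SCRIPT), {"textarea"}),
    ):
        print(f"{label}: injected elements = {injected_elements(markup, expected)}")
```

The check is deliberately context-aware in the same way the two advisory entries are: the parameter name lands in an attribute, so quotes matter as much as angle brackets, while the script content lands in element text, where a stray closing tag is the problem. Running `injected_elements` over rendered form fragments in a plugin's test suite is a cheap way to catch a regression of either entry.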