CVE-2021-21619
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-21619
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Claim Plugin 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jenkins Claim 是 Jenkins开源的一个应用插件。提供用户从Jenkins声明失败的构建和测试,以表明他们有责任修复它们。 Jenkins Claim Plugin 2.18.1 and earlier 存在跨站脚本漏洞,该漏洞源于没有转义用户的显示名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jenkins project | Jenkins Claim Plugin | unspecified ~ 2.18.1 | - |
II. Public POCs for CVE-2021-21619
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-21619
请登录查看更多情报信息。
- https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2188%20%281%29x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-21619
Same Patch Batch · Jenkins project · 2021-02-24 · 7 CVEs total
| CVE-2021-21616 | Jenkins Active Choices 跨站脚本漏洞 | |
| CVE-2021-21617 | Jenkins Configuration Slicing 跨站请求伪造漏洞 | |
| CVE-2021-21618 | Jenkins Repository Connector 跨站脚本漏洞 | |
| CVE-2021-21620 | Jenkins Claim 跨站请求伪造漏洞 | |
| CVE-2021-21621 | Jenkins Support Core 信息泄露漏洞 | |
| CVE-2021-21622 | Jenkins Artifact Repository Parameter 跨站脚本漏洞 |
IV. Related Vulnerabilities
Same product: Jenkins Claim Plugin
V. Comments for CVE-2021-21619
No comments yet