CVE-2021-21684

Updated: 2023-11-23 19:23:25.598776

Description:

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 6.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
| CentOS 7 ELS | git | 1.8.3 | 6.1 | MEDIUM | Not Vulnerable | | 2024-03-11 09:53:11 |
| CentOS 8.4 ELS | git | 2.27.0 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
| CentOS 8.5 ELS | git | 2.27.0 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
| CloudLinux 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
| Oracle Linux 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
| Ubuntu 16.04 ELS | git | 2.7.4 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
| Ubuntu 18.04 ELS | git | 2.17.1 | 6.1 | MEDIUM | Not Vulnerable | | 2024-05-09 10:22:05 |