CVE-2021-21603 - log

CVE-2021-21603 edited at 13 Jan 2021 15:11:32
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889
+ https://github.com/jenkinsci/jenkins/commit/f5d98421604e44f398e7de9d222b191a705608af
CVE-2021-21603 edited at 13 Jan 2021 14:52:04
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents (typically shown after form submissions via Apply button). This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents. Jenkins 2.275, LTS 2.263.2 escapes the content shown in notification bars.
References
+ https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889
Notes
CVE-2021-21603 created at 13 Jan 2021 14:47:46