---

CVE-2021-21608 - log back

CVE-2021-21608 edited at 13 Jan 2021 15:13:15
References	https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035 + https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe

CVE-2021-21608 edited at 13 Jan 2021 14:59:31
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Cross-site scripting
Description	+ Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI. This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the Pipeline input step. Jenkins 2.275, LTS 2.263.2 escapes button labels in the Jenkins UI.
References	+ https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035
Notes

CVE-2021-21608 created at 13 Jan 2021 14:47:46