CVE-2021-21611 - log

CVE-2021-21611 edited at 13 Jan 2021 15:14:27
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171
+ https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe
CVE-2021-21611 edited at 13 Jan 2021 15:03:55
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. Jenkins 2.275, LTS 2.263.2 escapes display names and IDs of item types shown on the New Item page.
References
+ https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171
Notes
CVE-2021-21611 created at 13 Jan 2021 14:47:46