RULE(RULE ID:333972)

Rule General Information
Release Date: 2021-10-28
Rule Name: Jenkins Repository Connector Plugin Stored Cross Site Scripting Vulnerability (CVE-2021-21618)
Severity:
CVE ID:
Rule Protection Details
Description: Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Impact: An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.
Affected OS: Windows, Linux, Others
Reference: https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2183
Solutions
The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2183