CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21603 – jenkins: XSS vulnerability in notification bar
https://notcve.org/view.php?id=CVE-2021-21603
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, no escapan el contenido de respuesta de la barra de notificaciones, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889 https://access.redhat.com/security/cve/CVE-2021-21603 https://bugzilla.redhat.com/show_bug.cgi?id=1925160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21602 – jenkins: Arbitrary file read vulnerability in workspace browsers
https://notcve.org/view.php?id=CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, permite leer archivos arbitrarios usando el explorador de archivos para espacios de trabajo y artefactos archivados al seguir enlaces simbólicos. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452 https://access.redhat.com/security/cve/CVE-2021-21602 https://bugzilla.redhat.com/show_bug.cgi?id=1925161 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •