This advisory announces vulnerabilities in the following Jenkins deliverables:
- Credentials Plugin
- Dashboard View Plugin
- P4 Plugin
- S3 publisher Plugin
- Xcode integration Plugin
- Xray - Test Management for Jira Plugin
Reflected XSS vulnerability in Credentials Plugin
SECURITY-2349 / CVE-2021-21648
Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides.
This results in a reflected cross-site scripting (XSS) vulnerability.
Credentials Plugin 2.3.19 restricts the user-controlled information it provides to a safe subset.