• Home
  • Jenkins Security Advisory 2021-05-11

Latest Jenkins security issues.

About Notice

This advisory announces vulnerabilities in the following Jenkins deliverables:

  • Credentials Plugin
  • Dashboard View Plugin
  • P4 Plugin
  • S3 publisher Plugin
  • Xcode integration Plugin
  • Xray - Test Management for Jira Plugin


Reflected XSS vulnerability in Credentials Plugin

SECURITY-2349 / CVE-2021-21648

Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides.

This results in a reflected cross-site scripting (XSS) vulnerability.

Credentials Plugin 2.3.19 restricts the user-controlled information it provides to a safe subset.