Maven package
org.jenkins-ci.plugins/claim
pkg:maven/org.jenkins-ci.plugins/claim
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21620 | Med | 4.3 | | < 2.18.2 | 2.18.2 | Feb 24, 2021 | A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. |
| CVE-2021-21619 | Med | 5.4 | | < 2.18.2 | 2.18.2 | Feb 24, 2021 | Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jen |