{
  "threat_severity" : "Important",
  "public_date" : "2021-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins: XSS vulnerability in notification bar",
    "id" : "1925160",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.", "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0637",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-0:2.263.3.1612433584-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "conmon-2:2.0.21-1.rhaos4.5.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "jenkins-0:2.263.3.1612434332-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2021-02-17T00:00:00Z",
    "advisory" : "RHSA-2021:0423",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-0:2.263.3.1612434510-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-21603\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21603" ],
  "name" : "CVE-2021-21603",
  "csaw" : false
}