{
  "threat_severity" : "Important",
  "public_date" : "2021-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins: Stored XSS vulnerability in button labels",
    "id" : "1925140",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.", "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0637",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-0:2.263.3.1612433584-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "conmon-2:2.0.21-1.rhaos4.5.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "jenkins-0:2.263.3.1612434332-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2021-02-17T00:00:00Z",
    "advisory" : "RHSA-2021:0423",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-0:2.263.3.1612434510-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-21608\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21608" ],
  "name" : "CVE-2021-21608",
  "csaw" : false
}