{
  "threat_severity" : "Important",
  "public_date" : "2021-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins: Stored XSS vulnerability on new item page",
    "id" : "1925145",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.", "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0637",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-0:2.263.3.1612433584-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "conmon-2:2.0.21-1.rhaos4.5.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "jenkins-0:2.263.3.1612434332-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2021-03-03T00:00:00Z",
    "advisory" : "RHSA-2021:0429",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2021-02-17T00:00:00Z",
    "advisory" : "RHSA-2021:0423",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-0:2.263.3.1612434510-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "jenkins",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-21611\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21611" ],
  "name" : "CVE-2021-21611",
  "csaw" : false
}