icon

We found results for “

CVE-2021-21660

Date: May 25, 2021

Overview

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.

Details

The Jenkins ` markdown-formatter ` plugin can be abused by Stored Cross-Site Scripting vulnerability since the function `translate()` performs improper validation checks using `escapeHTML()` function on the input sent to the `description` parameter before rendering it in markdown format. Due to this flaw, an authenticated attacker can cause Stored Cross-Site Scripting.

PoC Details

On the Jenkins application with markdown-formatter installed, click on Manage Jenkins, select configureSecurity in security configuration category and then select the markup formatter as Markdown Format and save it. Then click on add description, and put the payload in the `description` text field, then submit the description. One hyperlink has been created in description and XSS will trigger once it is clicked.

PoC Code

[click me](javascript:alert`XSS`)

Affected Environments

0.1.0

Prevention

Upgrade to 0.2.0

Language: Java

Good to know:

icon
icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version io.jenkins.plugins:markdown-formatter:0.2.0

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: