6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-21613

CVE-2021-21613: XSS vulnerability in Jenkins TICS Plugin

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses.

This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.

Jenkins TICS Plugin 2020.3.0.7 escapes TICS service responses, or strips HTML out, as appropriate.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-21613

CVE-2021-21613:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.jenkins.plugins:tics	maven	<= 2020.3.0.6	2020.3.0.7

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsanitized rendering of TICS service responses. Key evidence includes:

The patched version introduces Jsoup.clean() sanitization in TqiPublisherResultBuilder when processing formattedValue
The Jelly template changed from 'escape-by-default="false"' to 'escape-by-default="true"'
Removed HtmlTag.java helper class that manually constructed HTML strings without contextual escaping
Added MetricData.java with explicit value sanitization logic These changes indicate the vulnerability existed in data processing and template rendering paths that handled raw API responses.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-21613: XSS vulnerability in Jenkins TICS Plugin

CVE-2021-21613:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2021-21613: XSS vulnerability in Jenkins TICS Plugin

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

6.1

6.1

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI