
CVE-2021-21660: XSS vulnerability in Jenkins Markdown Formatter Plugin

CVSS Score (v3.1): 5.4

Basic Information

EPSS Score: 0.47731%
Published: 5/24/2022
Updated: 12/22/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name: io.jenkins.plugins:markdown-formatter
Ecosystem: maven
Vulnerable Versions: <= 0.1.0
First Patched Version: 0.2.0

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stemmed from missing URL sanitization in Markdown link rendering. The pre-patch code used the Flexmark library's HtmlRenderer with escapeHtml(true), which escapes raw HTML but applies no sanitization to link target URLs. The fix in the patch commit switched to CommonMark's HtmlRenderer with both escapeHtml(true) and sanitizeUrls(true), which explicitly restricts the URL schemes a link target may use. The test-case changes show that a previously dangerous link such as "click me" was not neutralized, whereas after the patch such links are rendered with rel="nofollow" and an empty href. The translate method parses and renders user-controlled Markdown content, which makes it the vulnerable entry point.
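To make the effect of the renderer option concrete, the following is an added Java example (not the plugin's code and not the patch commit) that renders the same constructed Markdown through CommonMark's HtmlRenderer with and without sanitizeUrls(true). The class name and inputs are constructed for the demo, and it assumes the org.commonmark:commonmark artifact is on the classpath.

```java
import org.commonmark.node.Node;
import org.commonmark.parser.Parser;
import org.commonmark.renderer.html.HtmlRenderer;

// Constructed demo class, not part of the Jenkins plugin.
// Requires org.commonmark:commonmark on the classpath.
public class LinkSanitizationDemo {

    // Renders untrusted Markdown to HTML. escapeHtml(true) neutralises raw
    // HTML in the input; sanitizeUrls(true) additionally empties link
    // targets whose scheme is not on CommonMark's default allow-list
    // (http, https, mailto) and adds rel="nofollow" to every link.
    static String render(String markdown, boolean sanitizeUrls) {
        Parser parser = Parser.builder().build();
        Node document = parser.parse(markdown);
        HtmlRenderer renderer = HtmlRenderer.builder()
                .escapeHtml(true)
                .sanitizeUrls(sanitizeUrls)
                .build();
        return renderer.render(document);
    }

    // Defender-side check: a link whose scheme was rejected must come out
    // with an empty href and a nofollow relation, matching the patched
    // plugin's test expectations described above.
    static boolean targetNeutralized(String html) {
        return html.contains("href=\"\"") && html.contains("rel=\"nofollow\"");
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary link and a link whose target uses a
        // scheme that must never be emitted verbatim from user content.
        String ordinary = "[docs](https://example.org/docs)";
        String scriptScheme = "[click me](javascript:void(0))";

        // Pre-patch behaviour: escaping alone leaves the scheme in href.
        String unsanitized = render(scriptScheme, false);
        System.out.println("unsanitized: " + unsanitized);
        if (targetNeutralized(unsanitized)) throw new AssertionError("unexpected");

        // Post-patch behaviour: href is emptied and rel="nofollow" is added.
        String sanitized = render(scriptScheme, true);
        System.out.println("sanitized:   " + sanitized);
        if (!targetNeutralized(sanitized)) throw new AssertionError("not sanitized");

        // An allow-listed scheme keeps its href but still gets rel="nofollow".
        String kept = render(ordinary, true);
        System.out.println("ordinary:    " + kept);
        if (!kept.contains("href=\"https://example.org/docs\"")) throw new AssertionError("dropped");
    }
}
```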


WAF Protection Rules

WAF Rule

Jenkins Markdown Formatter Plugin 0.1.0 and earlier uses a Markdown library to parse Markdown that does not escape crafted link target URLs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability
