Miggo Logo
Miggo Vulnerability Database
CVE-2021-21699

CVE-2021-21699: Stored XSS vulnerability in Jenkins Active Choices Plugin

5.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-21699
GHSA ID
GHSA-rp4x-h577-chvq
EPSS Score
0.97708%
CWE
CWE-79
Published
5/24/2022
Updated
12/18/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.biouno:uno-choicemaven<= 2.5.62.5.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unescaped parameter name insertion in multiple Jelly templates. The commit patching CVE-2021-21699 systematically adds h.escape() to: 1) jQuery selectors using paramName, 2) parameter name references in JavaScript constructors (it.getName()), 3) HTML element IDs (it.randomName). These locations directly inject user-controlled parameter names into DOM/JS contexts without sanitization in vulnerable versions, enabling stored XSS when attackers craft malicious parameter names.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins **tiv* **oi**s Plu*in *.*.* *n* **rli*r *o*s not *s**p* t** p*r*m*t*r n*m* o* r***tiv* p*r*m*t*rs *n* *yn*mi* r***r*n** p*r*m*t*rs. T*is r*sults in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y *tt**k*rs wit* Jo*/*on*i*ur*

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** p*r*m*t*r n*m* ins*rtion in multipl* J*lly t*mpl*t*s. T** *ommit p*t**in* `*V*-****-*****` syst*m*ti**lly ***s `*.*s**p*()` to: *) `jQu*ry` s*l**tors usin* `p*r*mN*m*`, *) p*r*m*t*r n*m* r***r*n**s in J*v*S*ript