← Back

Claim

claim

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-21620
1Jenkins
1Claim
Jun 17, 2026
Feb 24, 2021
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
CVE-2021-21619
1Jenkins
1Claim
Jun 17, 2026
Feb 24, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins...Show more
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.Show less