Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2021:0423 https://access.redhat.com/errata/RHSA-2021:0423
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-21608
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2021:0429 https://access.redhat.com/errata/RHSA-2021:0429