Описание
Cross-site Scripting in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Пакеты
Наименование
org.jenkins-ci.plugins:jobConfigHistory
maven
Затронутые версииВерсия исправления
<= 1165.v8cc9fd1f4597
1166.vc9f255f45b
Связанные уязвимости
CVSS3: 5.4
nvd
около 3 лет назад
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.