Описание
Jenkins Project Inheritance Plugin vulnerable to cross site scripting
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Пакеты
Наименование
hudson.plugins:project-inheritance
maven
Затронутые версииВерсия исправления
<= 21.04.03
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.