Description
Cross-site Scripting in Jenkins Spring Config Plugin
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names. Spring Config Plugin 2.0.1 escapes build display names shown on the Spring Config view.
Packages
Name: io.jenkins.plugins:spring-config (maven)
Affected versions: < 2.0.1
Fixed version: 2.0.1
Related vulnerabilities
CVSS3: 5.4
nvd
about 3 years ago
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.