Описание
Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored cross-site scripting vulnerability exploitable by users able to change build descriptions.
Пакеты
Наименование
org.jenkins-ci.plugins:buildgraph-view
maven
Затронутые версииВерсия исправления
<= 1.8
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
около 6 лет назад
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.