Описание
Stored XSS vulnerability in Jenkins Badge Plugin
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
org.jenkins-ci.plugins:badge
maven
Затронутые версииВерсия исправления
< 1.9.1
1.9.1
Связанные уязвимости
CVSS3: 5.4
nvd
около 4 лет назад
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.