Описание
Cross-site Scripting in Jenkins Deployment Dashboard Plugin
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
As of publication of this advisory, there is no fix.
Пакеты
Наименование
org.jenkins-ci.plugins:ec2-deployment-dashboard
maven
Затронутые версииВерсия исправления
<= 1.0.10
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.