Описание
Cross site scripting in Jenkins Mission Control Plugin
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.
Пакеты
Наименование
tech.andrey.jenkins:mission-control-view
maven
Затронутые версииВерсия исправления
<= 0.9.16
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
около 6 лет назад
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.