Описание
Stored XSS vulnerability in Jenkins Active Choices Plugin
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Active Choices Plugin 2.5 escapes the name of build parameters and applies the configured markup formatter to the description of build parameters.
Пакеты
Наименование
org.biouno:uno-choice
maven
Затронутые версииВерсия исправления
< 2.5
2.5
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.