GHSA-cx5r-p4vj-2mqh

Published: 24 May 2022
Source: github
Github: Reviewed
CVSS3: 5.4

Description

Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines.

This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security hardening implemented in those releases.

As of publication of this advisory, there is no fix.

Packages

Name: org.jenkins-ci.plugins:build-pipeline-plugin (maven)
Affected versions: <= 1.5.8
Fixed version: None

EPSS

Percentile: 28%
0.00102
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 6 years ago

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
