Description
Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin
Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
Sonargraph Integration Plugin 3.0.1 escapes the affected part of the error message.
Packages
Name: org.jenkins-ci.plugins:sonargraph-integration (maven)
Affected versions: <= 3.0.0
Fixed version: 3.0.1
Related vulnerabilities
CVSS3: 5.4
nvd
more than 5 years ago
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.