Описание
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability
Jenkins build-metrics Plugin does not properly escape the label query parameter, resulting in a reflected cross-site scripting vulnerability.
As of publication of this advisory, there is no fix.
Ссылки
Пакеты
Наименование
org.jenkins-ci.plugins:build-metrics
maven
Затронутые версииВерсия исправления
<= 1.3
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
больше 6 лет назад
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.