Описание
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting
Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.147 does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
io.jenkins.plugins:cavisson-ns-nd-integration
maven
Затронутые версииВерсия исправления
< 4.8.0.147
4.8.0.147
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.