GHSA-fv4q-4h24-23qr

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 5.4

Description

Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view.

Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.

Packages

Name: org.jenkins-ci.plugins:dashboard-view (maven)
Affected versions: < 2.12
Fixed version: 2.12

EPSS

Percentile: 28%
0.00102
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 6 years ago

Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
