Description
Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean (true/false) and inserts that into the page instead.
Packages
Name
se.diabol.jenkins.pipeline:delivery-pipeline-plugin
maven
Affected versions: <= 1.0.7
Fixed version: 1.0.8
Related vulnerabilities
CVSS3: 6.1
nvd
about 8 years ago
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.