Описание
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Micro Focus Application Automation Tools Plugin 6.7 and earlier does not escape user input in a form validation response.
This results in a reflected cross-site scripting (XSS) vulnerability.
Micro Focus Application Automation Tools Plugin 6.8 escapes user input in the affected form validation response.
A security hardening since Jenkins 2.275 and LTS 2.263.2 prevents exploitation of this vulnerability.
Пакеты
Наименование
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
maven
Затронутые версииВерсия исправления
<= 6.7
6.8
Связанные уязвимости
CVSS3: 6.1
nvd
почти 5 лет назад
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions.