Description
Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.
Jenkins 2.245, LTS 2.235.2 escapes the href attribute of these links.
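The effect of leaving an href value unescaped can be shown with a small added example. It is an illustration and not Jenkins source code; the function names, the class and the sample path are hypothetical, and the sample input is constructed.

```python
# Added illustration; not Jenkins source code. All names are hypothetical.
import html
from html.parser import HTMLParser


class AnchorAttrs(HTMLParser):
    """Collects the attributes of every <a> tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchors.append(dict(attrs))


def link_unescaped(href, label):
    # The href value is placed in the attribute as-is (the flaw the advisory describes).
    return '<a href="' + href + '">' + html.escape(label) + "</a>"


def link_escaped(href, label):
    # The href value is escaped for an attribute context, quotes included.
    return '<a href="' + html.escape(href, quote=True) + '">' + html.escape(label) + "</a>"


def anchor_attrs(markup):
    """Parse markup the way a browser would and return each anchor's attributes."""
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.anchors


# Constructed input: a downstream job path that contains a double quote.
CONSTRUCTED_HREF = '/job/downstream" data-injected="1'


def compare():
    before = anchor_attrs(link_unescaped(CONSTRUCTED_HREF, "downstream"))
    after = anchor_attrs(link_escaped(CONSTRUCTED_HREF, "downstream"))
    return before, after


if __name__ == "__main__":
    before, after = compare()
    print("unescaped:", before)  # the quote ends href and a second attribute appears
    print("escaped:  ", after)   # the whole string stays inside href
```

The same parser check can be used as a regression test on rendered console output: any anchor that carries attributes other than the ones the template emits indicates a value that was not escaped.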
Packages
Package: org.jenkins-ci.main:jenkins-core; affected versions: <= 2.235.1; fixed version: 2.235.2
Package: org.jenkins-ci.main:jenkins-core; affected versions: >= 2.236, <= 2.244; fixed version: 2.245
Related vulnerabilities
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...