exploitDog

GHSA-h3hg-r97v-5r9w

Published: May 16, 2023
Source: github
GitHub: Reviewed
CVSS3: 5.4

Description

Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files.

Packages

Name: org.jenkins-ci.plugins:testng-plugin (maven)
Affected versions: < 730.732.v959a
Fixed version: 730.732.v959a

EPSS

Percentile: 85%
0.02557
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 2 years ago

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.