Описание
Cross-site Scripting in Jenkins Naginator Plugin
Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
Naginator Plugin 1.18.2 escapes display names of source builds.
Пакеты
Наименование
org.jenkins-ci.plugins:naginator
maven
Затронутые версииВерсия исправления
<= 1.18.1
1.18.2
Связанные уязвимости
CVSS3: 5.4
nvd
около 3 лет назад
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.