Описание
Stored XSS vulnerability in Jenkins Repository Connector Plugin
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Repository Connector Plugin 2.0.3 escapes parameter names and descriptions when creating new parameters.
Пакеты
Наименование
org.jenkins-ci.plugins:repository-connector
maven
Затронутые версииВерсия исправления
<= 2.0.2
2.0.3
Связанные уязвимости
CVSS3: 5.4
nvd
почти 5 лет назад
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.