GHSA-hv48-hgp6-xpqf

Опубликовано: 16 авг. 2023

Источник: github

Github: Прошло ревью

CVSS3: 8

Описание

Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

Flaky Test Handler Plugin 1.2.3 escapes JUnit test contents when showing them on the Jenkins UI.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:flaky-test-handler

maven

Затронутые версииВерсия исправления

< 1.2.3

1.2.3

EPSS

Процентиль: 89%

0.04677

Низкий

8 High

CVSS3

CVE ID

CVE-2023-40342

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-40342

CVSS3: 5.4

nvd

больше 2 лет назад

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

EPSS

Процентиль: 89%

0.04677

Низкий

8 High

CVSS3

CVE ID

CVE-2023-40342

Дефекты

CWE-79