Описание
Jenkins Cross-Site Scripting vulnerability in help icons
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-2229
- https://github.com/jenkinsci/jenkins/commit/fe4cbe03804d6240d0b58d0b2301ea9530a34916
- https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955
- http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html
- http://www.openwall.com/lists/oss-security/2020/08/12/4
Пакеты
org.jenkins-ci.main:jenkins-core
<= 2.235.3
2.235.4
org.jenkins-ci.main:jenkins-core
>= 2.236, <= 2.251
2.252
Связанные уязвимости
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...