Описание
Cross site scripting in Jenkins build-metrics Plugin
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
Пакеты
Наименование
org.jenkins-ci.plugins:build-metrics
maven
Затронутые версииВерсия исправления
<= 1.3
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.