Описание
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of tooltip parameters.
Пакеты
org.jenkins-ci.main:jenkins-core
>= 2.340, < 2.356
2.356
org.jenkins-ci.main:jenkins-core
>= 2.332, < 2.332.4
2.332.4
Связанные уязвимости
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...