Описание
Stored XSS vulnerability in Jenkins GitHub Plugin
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
GitHub Plugin 1.37.3.1 escapes GitHub project URL on the build page when showing changes.
Пакеты
Наименование
com.coravy.hudson.plugins.github:github
maven
Затронутые версииВерсия исправления
< 1.37.3.1
1.37.3.1
Связанные уязвимости
CVSS3: 5.4
nvd
больше 2 лет назад
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.