Описание
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
org.jenkins-ci.plugins:selected-tests-executor
maven
Затронутые версииВерсия исправления
<= 1.3.3
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.