Описание
Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.245, LTS 2.235.2 escapes the agent name.
Пакеты
org.jenkins-ci.main:jenkins-core
<= 2.235.1
2.235.2
org.jenkins-ci.main:jenkins-core
>= 2.236, <= 2.244
2.245
Связанные уязвимости
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...