Описание
Stored XSS vulnerability in Jenkins Active Choices Plugin
Jenkins Active Choices Plugin 2.4 and earlier does not escape List and Map return values of sandboxed scripts for Reactive Reference Parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
This issue is caused by an incomplete fix for SECURITY-470.
Active Choices Plugin 2.5 escapes all legal return values of sandboxed scripts.
Пакеты
Наименование
org.biouno:uno-choice
maven
Затронутые версииВерсия исправления
< 2.5
2.5
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.