Description
Stored XSS vulnerability in Jenkins Active Choices Plugin
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Active Choices Plugin 2.5.7 escapes references to parameter names.
Packages
Name: org.biouno:uno-choice (maven)
Affected versions: <= 2.5.6
Fixed version: 2.5.7
Related vulnerabilities
CVSS3: 5.4
nvd
about 4 years ago
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.