Описание
Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. Version 1.14 obtains the current URL in a way not susceptible to XSS.
Пакеты
com.paul8620.jenkins.plugins:pipeline-aggregator-view
< 1.14
1.14
Связанные уязвимости
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.