Описание
Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Cadence vManager Plugin 3.0.5 removes affected tooltips.
Пакеты
Наименование
org.jenkins-ci.plugins:vmanager-plugin
maven
Затронутые версииВерсия исправления
<= 3.0.4
3.0.5
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.