Описание
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view.
Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
As of publication of this advisory, there is no fix.
Пакеты
org.jenkins-ci.plugins:docker-swarm
<= 1.11
Отсутствует
Связанные уязвимости
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
Уязвимость компонента Docker Swarm Dashboard плагина Jenkins Docker Swarm Plugin, позволяющая нарушителю проводить межсайтовые сценарные атаки