Описание
Jenkins Job Config History Plugin reflected XSS vulnerability
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
Пакеты
Наименование
org.jenkins-ci.plugins:jobConfigHistory
maven
Затронутые версииВерсия исправления
<= 2.18
2.18.1
Связанные уязвимости
CVSS3: 6.1
nvd
около 7 лет назад
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.