GHSA-wc2g-9j98-vcgw

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)

Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with Job/Configure permission.

Ссылки

Пакеты

Наименование

org.jvnet.hudson.plugins:svn-release-mgr

maven

Затронутые версииВерсия исправления

<= 1.2

Отсутствует

EPSS

Процентиль: 24%

0.00082

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2020-2152

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-2152

CVSS3: 6.1

redhat

почти 6 лет назад

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

CVE-2020-2152

CVSS3: 6.1

nvd

почти 6 лет назад

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

EPSS

Процентиль: 24%

0.00082

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2020-2152

Дефекты

CWE-79