Описание
Stored XSS vulnerability in Jenkins button labels
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI.
This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the Pipeline input step.
Jenkins 2.275, LTS 2.263.2 escapes button labels in the Jenkins UI.
Пакеты
org.jenkins-ci.main:jenkins-core
< 2.263.1
2.275
org.jenkins-ci.main:jenkins-core
>= 2.263.2, <= 2.274
2.275
Связанные уязвимости
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...