Описание
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
com.synopsys.jenkinsci:ownership
maven
Затронутые версииВерсия исправления
<= 0.13.0
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.