Description
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
Compact Columns Plugin 1.12 applies the configured markup formatter to the job description shown in tooltips.
Packages
Name: org.jenkins-ci.plugins:compact-columns (maven)
Affected versions: < 1.12
Fixed version: 1.12
Related vulnerabilities
CVSS3: 5.4
nvd
more than 5 years ago
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.