Описание
Stored XSS vulnerability in Code Coverage API Plugin
Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view.
This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration.
Code Coverage API Plugin 1.1.3 escapes the filename of the coverage report used in its view.
Пакеты
Наименование
io.jenkins.plugins:code-coverage-api
maven
Затронутые версииВерсия исправления
<= 1.1.2
1.1.3
Связанные уязвимости
CVSS3: 5.4
nvd
около 6 лет назад
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.