Описание
XSS vulnerability in Jenkins TICS Plugin
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses.
This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.
Jenkins TICS Plugin 2020.3.0.7 escapes TICS service responses, or strips HTML out, as appropriate.
Пакеты
Наименование
io.jenkins.plugins:tics
maven
Затронутые версииВерсия исправления
<= 2020.3.0.6
2020.3.0.7
Связанные уязвимости
CVSS3: 6.1
nvd
около 5 лет назад
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.