Описание
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.91 (включая)
cpe:2.3:a:jenkins:static_analysis_utilities:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Persistent XSS vulnerability in Static Analysis Utilities
EPSS
Процентиль: 15%
0.00049
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79