Описание
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.10.12 (включая)
cpe:2.3:a:jenkins:s3_publisher:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 18%
0.00058
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Stored XSS vulnerability in Jenkins S3 Publisher Plugin
EPSS
Процентиль: 18%
0.00058
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79