Описание
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5 (включая)
cpe:2.3:a:jenkins:shelve_project:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 18%
0.00058
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
EPSS
Процентиль: 18%
0.00058
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79