Описание
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3 (включая)
cpe:2.3:a:jenkins:pegdown_formatter:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 28%
0.00102
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
EPSS
Процентиль: 28%
0.00102
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79