Описание
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 838.va_3a_087b_4055b (включая)
cpe:2.3:a:jenkins:pipeline\:_supporting_apis:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 89%
0.04273
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
redhat
больше 3 лет назад
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
CVSS3: 8
github
больше 3 лет назад
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
EPSS
Процентиль: 89%
0.04273
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79