Описание
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.93.1 (исключая)
cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 92%
0.07556
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
почти 3 года назад
Cross-site Scripting in Jenkins Email Extension Plugin
EPSS
Процентиль: 92%
0.07556
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79