Описание
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.93.1 (исключая)
cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 92%
0.07556
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
почти 3 года назад
Cross-site Scripting in Jenkins Email Extension Plugin
EPSS
Процентиль: 92%
0.07556
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79