Description
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
References
- Mailing List, Third Party Advisory
- Vendor Advisory
- Mailing List, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 5.4.6 (exclusive)
cpe:2.3:a:jenkins:owasp_dependency-check:*:*:*:*:*:jenkins:*:*
EPSS
Percentile: 78%
0.01117
Low
CVSS3: 5.4 Medium
CVSS3: 7.3 High
Weaknesses
CWE-79
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
almost 2 years ago
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability