Описание
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.
EPSS
Процентиль: 14%
0.00046
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8
github
3 месяца назад
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability
EPSS
Процентиль: 14%
0.00046
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-79