Описание
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jenkins:anchorchain:1.0:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 29%
0.001
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8
github
9 месяцев назад
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability
EPSS
Процентиль: 29%
0.001
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-79