Description
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. In practice, a user who can configure a job can put HTML in its label expression; while the item sits in the build queue with no matching idle executor, that expression is embedded unescaped in the tooltip shown to anyone viewing the queue. The version bounds place the fix in the next releases, Jenkins 2.197 and LTS 2.176.4.
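The bug class described above, as an added illustration that is not Jenkins' own code: a blocked-reason string that embeds a job-controlled label expression is interpolated into tooltip markup unescaped, shown next to the escaped form. The label expression, the reason wording, and all function names here are constructed for the example.

```javascript
// Added illustration, not Jenkins source. Models the bug class: a queue item's
// "why is it blocked" text embeds a job-controlled label expression and is
// rendered into tooltip markup without HTML escaping.

// Constructed input: a label expression carrying markup. Assumption for the
// example only; in Jenkins the expression comes from the job configuration.
const LABEL_EXPRESSION = 'linux && <img src=x onerror="alert(document.domain)">';

// Hypothetical blocked-reason wording (assumed, not Jenkins' exact message).
function blockedReason(labelExpression) {
  return `There are no nodes with the label '${labelExpression}'`;
}

// Vulnerable sink: the reason is concatenated into tooltip HTML as-is, so the
// <img> element from the label expression becomes live markup in the viewer's
// browser.
function renderTooltipUnsafe(reason) {
  return `<div class="tooltip">${reason}</div>`;
}

// Minimal HTML escaper for text that lands in an element body or a
// double-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened sink: escape the untrusted part before interpolation. The reason is
// still shown verbatim to the viewer, but it can no longer introduce elements
// or attributes.
function renderTooltipSafe(reason) {
  return `<div class="tooltip">${escapeHtml(reason)}</div>`;
}

// Check used below: list the element names a browser would parse out of the
// markup. Anything beyond the template's own <div> came from the input.
function tagNames(html) {
  return [...html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

const reason = blockedReason(LABEL_EXPRESSION);
console.log(tagNames(renderTooltipUnsafe(reason))); // [ 'div', 'img', 'div' ]
console.log(tagNames(renderTooltipSafe(reason)));   // [ 'div', 'div' ]
```

Run with node. The escaping belongs at the point where the string meets HTML (for Jenkins, the view that builds the tooltip), not where the label expression is stored: a label expression may legitimately contain `&`, quotes, or angle brackets, and the stored value must survive unchanged for scheduling to work.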
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHBA-2020:0017 | 2020-01-14 |
| Red Hat OpenShift Container Platform 4.3 | jenkins | Fixed | RHBA-2020:0063 | 2020-01-23 |
Additional information
CVSS3: 5.4 (Medium)
Related vulnerabilities
Improper Neutralization of Input During Web Page Generation in Jenkins