Description
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
| Red Hat OpenShift Container Platform 4.4 | jenkins-2-plugins | Fixed | RHSA-2020:3625 | 08.09.2020 |
| Red Hat OpenShift Container Platform 4.5 | jenkins-2-plugins | Fixed | RHSA-2020:3207 | 31.07.2020 |
Additional information
Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1847337
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
CVSS3: 5.4 Medium
Related vulnerabilities
CVSS3: 5.4
nvd
more than 5 years ago
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
CVSS3: 5.4
github
more than 3 years ago
Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin