Description
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional information
Status:
EPSS
8 High
CVSS3
Related vulnerabilities
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...
Stored XSS vulnerability in Jenkins job build time trend