exploitDog
CVE-2020-2222

Published: 15 Jul 2020
Source: redhat
CVSS3: 8
EPSS: Low

Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.

A flaw was found in Jenkins 2.244 and earlier and in LTS 2.235.1 and earlier. Job names in the 'Keep this build forever' badge tooltip are not properly escaped, which results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Additional information

Red Hat severity: Important
Weakness: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1857431 (jenkins: Stored XSS vulnerability in 'keep forever' badge icons)

EPSS: 0.00519 (Low), percentile 66%

CVSS3: 8 (High)

Related vulnerabilities

CVSS3: 5.4
nvd
more than 5 years ago

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.

CVSS3: 5.4
debian
more than 5 years ago

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...

CVSS3: 8
github
more than 3 years ago

Stored XSS vulnerability in Jenkins 'keep forever' badge icon
