Description
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
A reflected cross-site scripting (XSS) vulnerability was found in the Jenkins Credentials Plugin. A view it provides does not escape user-controlled information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | | |
| Red Hat OpenShift Container Platform 4.8 | jenkins-2-plugins | Fixed | RHSA-2021:2437 | 27.07.2021 |
Additional information
Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1959545
jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin
EPSS
Percentile: 54%
0.0031
Low
5.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.1
nvd
more than 4 years ago
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVSS3: 6.1
github
more than 4 years ago
Cross-Site Request Forgery in Jenkins Credentials Plugin