Description
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Matrix Project plugin. The plugin does not escape HTML metacharacters in node names, label names, and label descriptions, which allows an attacker with Agent/Configure permission to perform an XSS attack.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | jenkins | Affected | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
Additional information
Status:
5.4 Medium
CVSS3
Related vulnerabilities
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
Stored XSS vulnerability in Matrix Project Plugin
5.4 Medium
CVSS3