Description
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
Additional information
Status:
Low
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2065741 jenkins-2-plugins/favorite: Favorite Plugin XSS Vulnerability
EPSS
Percentile: 93%
0.09374
Low
3.5 Low
CVSS3
Related vulnerabilities
CVSS3: 5.4
nvd
almost 4 years ago
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
CVSS3: 5.4
github
almost 4 years ago
Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin