Описание
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
A Cross-site scripting (XSS) vulnerability was found in a Jenkins plugin. This issue may allow an authenticated remote attacker to create Pipelines.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | ||
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:1064 | 06.03.2023 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins-2-plugins | Fixed | RHSA-2023:3198 | 17.05.2023 |
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2023:0560 | 08.02.2023 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2023:0777 | 23.02.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
EPSS
5.4 Medium
CVSS3