Описание
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTP(S) URLs in test report output to clickable links, which leads to a stored Cross-site scripting (XSS) attack.
Отчет
OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | ||
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2023:0560 | 08.02.2023 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2023:0777 | 23.02.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
8 High
CVSS3
Связанные уязвимости
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
EPSS
8 High
CVSS3