Описание
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
Отчет
OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | ||
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:3195 | 18.05.2023 |
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:6172 | 30.10.2023 |
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2024:0778 | 12.02.2024 |
| OCP-Tools-4.13-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:3299 | 24.05.2023 |
| OCP-Tools-4.13-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:6179 | 30.10.2023 |
| OCP-Tools-4.13-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2024:0776 | 12.02.2024 |
| OCP-Tools-4.14-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:7288 | 16.11.2023 |
| OCP-Tools-4.14-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2024:0777 | 12.02.2024 |
| OpenShift Developer Tools and Services for OCP 4.11 | jenkins-2-plugins | Fixed | RHSA-2023:3198 | 17.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
EPSS
5.4 Medium
CVSS3