Описание
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a web page, which would be executed in a victim's web browser within the security context of the hosting web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | jenkins-2-plugins | Not affected | ||
| Node HealthCheck Operator | jenkins-2-plugins | Not affected | ||
| OpenShift Developer Tools and Services | jenkins-2-plugins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected |
Показывать по
Дополнительная информация
Статус:
8 High
CVSS3
Связанные уязвимости
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
8 High
CVSS3