Описание
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
A flaw was found in the Jenkins Template Workflows Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed, and steal the victim's cookie-based authentication credentials.
Отчет
The Jenkins Template Workflows Plugin is not shipped in any of the Red Hat products. Hence, Red Hat Products are not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | jenkins-2-plugins | Not affected | ||
| Node HealthCheck Operator | jenkins-2-plugins | Not affected | ||
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected |
Показывать по
Дополнительная информация
Статус:
8 High
CVSS3
Связанные уязвимости
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
8 High
CVSS3