GHSA-gc2r-ccfh-62v9

Source

https://github.com/advisories/GHSA-gc2r-ccfh-62v9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gc2r-ccfh-62v9/GHSA-gc2r-ccfh-62v9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gc2r-ccfh-62v9

Aliases

CVE-2021-22510

Published

2022-05-24T17:46:58Z

Modified

2024-02-16T08:23:48.765233Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin

Details

Micro Focus Application Automation Tools Plugin 6.7 and earlier does not escape user input in a form validation response.

This results in a reflected cross-site scripting (XSS) vulnerability.

Micro Focus Application Automation Tools Plugin 6.8 escapes user input in the affected form validation response.

A security hardening since Jenkins 2.275 and LTS 2.263.2 prevents exploitation of this vulnerability.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:16:23Z",
    "nvd_published_at": "2021-04-08T22:15:00Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:hp-application-automation-tools-plugin

Package

Name: org.jenkins-ci.plugins:hp-application-automation-tools-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8

Affected versions

1.*

1.0

1.0.2

2.*

2.0.0

2.0.2

3.*

3.0.5

3.0.6

3.0.7

4.*

4.0

4.0.1

4.5.0

5.*

5.0.0-beta-1

5.0

5.1-beta-1

5.1

5.1.0.1-beta

5.1.0.2-beta

5.2

5.2.0.1-beta

5.3

5.3.1-beta

5.3.2-beta

5.3.3-beta

5.3.4-beta

5.4

5.4.1-beta

5.4.2-beta

5.5

5.5.1-beta

5.5.2-beta

5.5.3-beta

5.5.4-beta

5.6

5.6.1

5.6.2

5.6.3-beta

5.6.4-beta

5.6.5-beta

5.7

5.7.1-beta

5.7.2-beta

5.7.3-beta

5.7.4-beta

5.8

5.8.1-beta

5.8.2-beta

5.8.3-beta

5.8.4-beta

5.8.5-beta

5.8.6-beta

5.8.7-beta

5.8.8-beta

5.9

5.9.1-beta

5.9.2-beta

5.9.3-beta

6.*

6.0

6.0.1-beta

6.0.2-beta

6.0.3-beta

6.0.4-beta

6.0.5-beta

6.1

6.1.1-beta

6.1.2-beta

6.1.3-beta

6.1.4-beta

6.2

6.2.1-beta

6.2.2-beta

6.2.3-beta

6.2.4-beta

6.2.5-beta

6.2.6-beta

6.2.7-beta

6.2.8-beta

6.3

6.3.1-beta

6.3.2-beta

6.3.3-beta

6.3.4-beta

6.4

6.4.1-beta

6.4.2-beta

6.4.3-beta

6.5

6.6

6.6.1-beta

6.6.2-beta

6.6.3-beta

6.6.4-beta

6.6.5-beta

6.7

6.7.1-beta

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gc2r-ccfh-62v9/GHSA-gc2r-ccfh-62v9.json"

last_known_affected_version_range

"<= 6.7"