GHSA-7756-56hr-2vcp

Source

https://github.com/advisories/GHSA-7756-56hr-2vcp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7756-56hr-2vcp/GHSA-7756-56hr-2vcp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7756-56hr-2vcp

Aliases

CVE-2022-27212

Published

2022-03-16T00:00:43Z

Modified

2024-02-16T08:21:31.872267Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin

Details

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Database specific

{
    "github_reviewed_at": "2022-11-30T19:41:49Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2022-03-15T17:15:00Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:list-git-branches-parameter

Package

Name: org.jenkins-ci.plugins:list-git-branches-parameter; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/list-git-branches-parameter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.0.9

Affected versions

0.*

0.0.1

0.0.3

0.0.4

0.0.7

0.0.8

0.0.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7756-56hr-2vcp/GHSA-7756-56hr-2vcp.json"