GHSA-24g8-35x9-fv8r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-24g8-35x9-fv8r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-24g8-35x9-fv8r/GHSA-24g8-35x9-fv8r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-24g8-35x9-fv8r
- Aliases
- Published
- 2022-05-24T17:33:09Z
- Modified
- 2024-02-16T08:14:14.885975Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Stored XSS vulnerability in Jenkins FindBugs Plugin
- Details
-
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.
- Database specific
{ "nvd_published_at": "2020-11-04T15:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-22T13:48:15Z" }- References
Affected packages
Maven / org.jvnet.hudson.plugins:findbugs
Package
- Name
- org.jvnet.hudson.plugins:findbugs
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jvnet.hudson.plugins/findbugs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected5.0.0
Affected versions
1.*
1.0
1.1
2.*
2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22
3.*
3.0
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10
3.11
3.12
3.13
4.*
4.0
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.50
4.51
4.55
4.56
4.57
4.58
4.59
4.60
4.61
4.62
4.63
4.64
4.65
4.69
4.70
4.71
4.72
4.73-beta
5.*
5.0.0-beta2
5.0.0-beta3
5.0.0