GHSA-38ch-x695-m794

Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-38ch-x695-m794/GHSA-38ch-x695-m794.json
Aliases: CVE-2018-1000202
Published: 2022-05-14T03:13:13Z
Modified: 2022-11-22T20:09:21.134475Z
Details

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Affected packages

Maven / org.jvnet.hudson.plugins:groovy-postbuild

Affected ranges

Type: ECOSYSTEM
Events:
  • Introduced: 0
  • Fixed: 2.4

Affected versions

1.*

1.2
1.3

Database specific

{
    "last_known_affected_version_range": "<= 2.3.1"
}