GHSA-6wh8-mr6f-6cx2

Source

https://github.com/advisories/GHSA-6wh8-mr6f-6cx2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6wh8-mr6f-6cx2/GHSA-6wh8-mr6f-6cx2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6wh8-mr6f-6cx2

Aliases

CVE-2022-30960

Published

2022-05-18T00:00:41Z

Modified

2023-11-08T04:09:21.255407Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Cross-site Scripting in Jenkins Application Detector Plugin

Details

Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Database specific

{
    "nvd_published_at": "2022-05-17T15:15:00Z",
    "github_reviewed_at": "2022-06-01T21:24:37Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:app-detector

Package

Name: org.jenkins-ci.plugins:app-detector; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/app-detector

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.9

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.8