GHSA-9523-474x-5h36

Source

https://github.com/advisories/GHSA-9523-474x-5h36

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9523-474x-5h36/GHSA-9523-474x-5h36.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9523-474x-5h36

Aliases

CVE-2019-16563

Published

2022-05-24T17:03:48Z

Modified

2023-11-08T04:01:19.264881Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross site scripting in Jenkins Mission Control Plugin

Details

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.

Database specific

{
    "nvd_published_at": "2019-12-17T15:15:00Z",
    "github_reviewed_at": "2022-11-01T22:51:21Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / tech.andrey.jenkins:mission-control-view

Package

Name: tech.andrey.jenkins:mission-control-view; View open source insights on deps.dev
Purl: pkg:maven/tech.andrey.jenkins/mission-control-view

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.9.16

Affected versions

0.*

0.8.2

0.8.3

0.9.0

0.9.2

0.9.7

0.9.8

0.9.9

0.9.10

0.9.11

0.9.12

0.9.13

0.9.14

0.9.15

0.9.16