GHSA-cj2g-wwfv-mvjh

Source
https://github.com/advisories/GHSA-cj2g-wwfv-mvjh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cj2g-wwfv-mvjh/GHSA-cj2g-wwfv-mvjh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cj2g-wwfv-mvjh
Aliases
Published
2022-05-24T17:10:27Z
Modified
2024-02-16T07:56:26.779922Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
XSS vulnerability in Jenkins Audit Trail Plugin
Details

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message.

Database specific
{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-05T20:38:11Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:audit-trail

Package

Name
org.jenkins-ci.plugins:audit-trail
Purl
pkg:maven/org.jenkins-ci.plugins/audit-trail

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3

Affected versions

1.*

1.5
1.6
1.7
1.8

2.*

2.0
2.1
2.2
2.3
2.4
2.5
2.6

3.*

3.0
3.1
3.2

Database specific

{
    "last_known_affected_version_range": "<= 3.2"
}