GHSA-f82v-pg74-6686

Source

https://github.com/advisories/GHSA-f82v-pg74-6686

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f82v-pg74-6686/GHSA-f82v-pg74-6686.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f82v-pg74-6686

Aliases

CVE-2020-2174

Published

2022-05-24T17:13:39Z

Modified

2023-11-08T04:02:54.833888Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin

Details

AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output.

This results in a reflected cross-site scripting (XSS) vulnerability.

AWSEB Deployment Plugin 0.3.20 escapes the values printed as part of the affected form validation endpoints.

Database specific

{
    "nvd_published_at": "2020-04-07T13:15:00Z",
    "github_reviewed_at": "2022-12-20T17:39:43Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin

Package

Name: br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin; View open source insights on deps.dev
Purl: pkg:maven/br.com.ingenieux.jenkins.plugins/awseb-deployment-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.20

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.1.0

0.1.1

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.5

0.3.7

0.3.8

0.3.10

0.3.13

0.3.14

0.3.15

0.3.16

0.3.17

0.3.18

0.3.19

Database specific

{
    "last_known_affected_version_range": "<= 0.3.19"
}