GHSA-fv4q-4h24-23qr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fv4q-4h24-23qr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fv4q-4h24-23qr/GHSA-fv4q-4h24-23qr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fv4q-4h24-23qr
- Aliases
- Published
- 2022-05-24T16:55:59Z
- Modified
- 2024-02-16T08:17:00.960356Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
- Details
-
Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view.
Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.
- Database specific
{ "nvd_published_at": "2019-09-12T14:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-03-02T16:40:43Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:dashboard-view
Package
- Name
- org.jenkins-ci.plugins:dashboard-view
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/dashboard-view