GHSA-h3hg-r97v-5r9w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h3hg-r97v-5r9w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-h3hg-r97v-5r9w/GHSA-h3hg-r97v-5r9w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h3hg-r97v-5r9w
- Aliases
-
- CVE-2023-32984
- Published
- 2023-05-16T18:30:16Z
- Modified
- 2024-02-16T08:23:33.722015Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
- Details
-
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
TestNG Results Plugin 730.732.v959a3aaeba_72 escapes the affected values that are parsed from TestNG report files.
- Database specific
{ "nvd_published_at": "2023-05-16T16:15:11Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-05-17T03:06:59Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:testng-plugin
Package
- Name
- org.jenkins-ci.plugins:testng-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/testng-plugin
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed730.732.v959a
Affected versions
0.*
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.9.1
1.10
1.11
1.12
1.13
1.14
1.15
552.*
552.va20eb2369116
554.*
554.va4a552116332
555.*
555.va0d5f66521e3
700.*
700.va_ea_5873a_3399
730.*
730.v4c5283037693