GHSA-hv48-hgp6-xpqf

Source

https://github.com/advisories/GHSA-hv48-hgp6-xpqf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-hv48-hgp6-xpqf/GHSA-hv48-hgp6-xpqf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hv48-hgp6-xpqf

Aliases

CVE-2023-40342

Published

2023-08-16T15:30:18Z

Modified

2024-02-16T08:18:25.364857Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability

Details

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

Flaky Test Handler Plugin 1.2.3 escapes JUnit test contents when showing them on the Jenkins UI.

Database specific

{
    "nvd_published_at": "2023-08-16T15:15:11Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-16T21:12:56Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:flaky-test-handler

Package

Name: org.jenkins-ci.plugins:flaky-test-handler; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/flaky-test-handler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.2.0

1.2.1

1.2.2