GHSA-jpvq-v729-7j2h

Source

https://github.com/advisories/GHSA-jpvq-v729-7j2h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jpvq-v729-7j2h/GHSA-jpvq-v729-7j2h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jpvq-v729-7j2h

Aliases

Published

2022-05-24T17:25:24Z

Modified

2024-02-16T08:22:19.771785Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Improper Neutralization of Input During Web Page Generation in Jenkins

Details

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed_at": "2022-06-23T23:19:33Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2020-08-12T14:15:00Z",
    "github_reviewed": true
}

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.235.4

Affected versions

1.*

1.396

1.397

1.398

1.399

1.400

1.401

1.403

1.404

1.405

1.406

1.407

1.408

1.409

1.409.1

1.409.2

1.409.3

1.410

1.411

1.412

1.413

1.414

1.415

1.416

1.417

1.418

1.419

1.420

1.421

1.422

1.423

1.424

1.424.1

1.424.2

1.424.3

1.424.4

1.424.5

1.424.6

1.425

1.426

1.427

1.428

1.429

1.430

1.431

1.432

1.433

1.434

1.435

1.436

1.437

1.438

1.439

1.440

1.441

1.442

1.443

1.444

1.445

1.446

1.447

1.447.1

1.447.2

1.448

1.449

1.450

1.451

1.452

1.453

1.454

1.455

1.456

1.457

1.458

1.459

1.460

1.461

1.462

1.463

1.464

1.465

1.466

1.466.1

1.466.2

1.467

1.468

1.469

1.470

1.471

1.472

1.473

1.474

1.475

1.476

1.477

1.478

1.479

1.480

1.480.1

1.480.2

1.480.3

1.481

1.482

1.483

1.484

1.485

1.486

1.487

1.488

1.489

1.490

1.491

1.492

1.493

1.494

1.495

1.496

1.497

1.498

1.499

1.500

1.501

1.502

1.503

1.504

1.505

1.506

1.507

1.508

1.509

1.509.1

1.509.2

1.509.2.JENKINS-8856-diag

1.509.2.JENKINS-14362-jzlib

1.509.3

1.509.3.JENKINS-14362-jzlib

1.509.4

1.510

1.511

1.512

1.513

1.514

1.515

1.516

1.516.JENKINS-14362-jzlib

1.517

1.518

1.518.JENKINS-14362-jzlib

1.519

1.520

1.521

1.522

1.523

1.524

1.525

1.526

1.527

1.528

1.529

1.530

1.531

1.532

1.532.1

1.532.1.JENKINS-19453

1.532.2

1.532.2.JENKINS-21622-diag

1.532.2.JENKINS-22395-diag

1.532.3

1.532.3.JENKINS-22395

1.532.3.JENKINS-22395-2

1.533

1.534

1.535

1.536

1.537

1.538

1.539

1.540

1.541

1.542

1.543

1.544

1.545

1.546

1.547

1.548

1.549

1.550

1.551

1.552

1.553

1.554

1.554.1

1.554.2

1.554.3

1.554.3.JENKINS-18065-ALLRM-all

1.554.3.JENKINS-18065-JENKINS-23945

1.555

1.556

1.557

1.558

1.559

1.560

1.561

1.562

1.563

1.564

1.565

1.565.1

1.565.1.JENKINS-22395-dropLinks

1.565.2

1.565.3

1.566

1.567

1.568

1.569

1.570

1.571

1.572

1.573

1.574

1.575

1.576

1.577

1.578

1.579

1.580

1.580.1

1.580.2

1.580.3

1.581

1.582

1.583

1.584

1.585

1.586

1.587

1.588

1.589

1.590

1.591

1.592

1.593

1.594

1.595

1.596

1.596.1

1.596.2

1.596.3

1.597

1.598

1.599

1.600

1.601

1.602

1.604

1.605

1.606

1.607

1.608

1.609

1.609.1

1.609.2

1.609.3

1.610

1.611

1.612

1.613

1.614

1.615

1.616

1.617

1.618

1.619

1.620

1.621

1.622

1.623

1.624

1.625

1.625.1

1.625.2

1.625.3

1.626

1.627

1.628

1.629

1.630

1.631

1.632

1.633

1.634

1.635

1.636

1.637

1.638

1.639

1.640

1.641

1.642

1.642.1

1.642.2

1.642.3

1.642.4

1.643

1.644

1.645

1.646

1.647

1.648

1.649

1.650

1.651

1.651.1

1.651.2

1.651.3

1.652

1.653

1.654

1.655

1.656

1.657

1.658

2.*

2.0-alpha-1

2.0-alpha-2

2.0-alpha-3

2.0-alpha-4

2.0-beta-1

2.0-beta-2

2.0-rc-1

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.7.1

2.7.2

2.7.3

2.7.4

2.8

2.9

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.19

2.19.1

2.19.2

2.19.3

2.19.4

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.29

2.30

2.31

2.32

2.32.1

2.32.2

2.32.3

2.33

2.34

2.35

2.36

2.37

2.38

2.39

2.40

2.41

2.42

2.43

2.44

2.45

2.46

2.46.1

2.46.2

2.46.3

2.47

2.48

2.49

2.50

2.51

2.52

2.53

2.54

2.55

2.56

2.57

2.58

2.59

2.60

2.60.1

2.60.2

2.60.3

2.61

2.62

2.63

2.64

2.65

2.66

2.67

2.68

2.69

2.70

2.71

2.72

2.73

2.73.1

2.73.2

2.73.3

2.74

2.75

2.76

2.77

2.78

2.79

2.80

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.89.1

2.89.2

2.89.3

2.89.4

2.90

2.91

2.92

2.93

2.94

2.95

2.96

2.97

2.98

2.99

2.100

2.101

2.102

2.103

2.104

2.105

2.106

2.107

2.107.1

2.107.2

2.107.3

2.108

2.109

2.110

2.111

2.112

2.113

2.114

2.115

2.116

2.117

2.118

2.119

2.120

2.121

2.121.1

2.121.2

2.121.3

2.122

2.123

2.124

2.125

2.126

2.127

2.128

2.129

2.130

2.131

2.132

2.133

2.134

2.135

2.136

2.137

2.138

2.138.1

2.138.2

2.138.3

2.138.4

2.140

2.141

2.142

2.143

2.144

2.145

2.146

2.147

2.148

2.149

2.150

2.150.1

2.150.2

2.150.3

2.151

2.152

2.153

2.154

2.155

2.156

2.157

2.158

2.159

2.160

2.161

2.162

2.163

2.164

2.164.1

2.164.2

2.164.3

2.165

2.166

2.167

2.168

2.169

2.170

2.171

2.172

2.173

2.174

2.175

2.176

2.176.1

2.176.2

2.176.3

2.176.4

2.177

2.178

2.179

2.180

2.181

2.182

2.183

2.184

2.185

2.186

2.187

2.189

2.190

2.190.1

2.190.2

2.190.3

2.191

2.192

2.193

2.194

2.195

2.196

2.197

2.198

2.199

2.200

2.201

2.202

2.203

2.204

2.204.1

2.204.2

2.204.3

2.204.4

2.204.5

2.204.6

2.205

2.206

2.207

2.208

2.209

2.210

2.211

2.212

2.213

2.214

2.215

2.216

2.217

2.218

2.219

2.220

2.221

2.222

2.222.1

2.222.3

2.222.4

2.223

2.224

2.225

2.226

2.227

2.228

2.229

2.230

2.231

2.232

2.233

2.234

2.235

2.235.1

2.235.2

2.235.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jpvq-v729-7j2h/GHSA-jpvq-v729-7j2h.json"

last_known_affected_version_range

"<= 2.235.3"

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.237

Fixed

2.252

Affected versions

2.*

2.237

2.238

2.239

2.240

2.241

2.242

2.243

2.244

2.245

2.246

2.247

2.248

2.249

2.249.1

2.249.2

2.249.3

2.250

2.251

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jpvq-v729-7j2h/GHSA-jpvq-v729-7j2h.json"

last_known_affected_version_range

"<= 2.251"