GHSA-p5jh-8rxp-wqjj

Source
https://github.com/advisories/GHSA-p5jh-8rxp-wqjj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p5jh-8rxp-wqjj/GHSA-p5jh-8rxp-wqjj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p5jh-8rxp-wqjj
Aliases
Published
2022-05-24T17:27:07Z
Modified
2024-02-16T08:14:28.629077Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
XSS vulnerability in Jenkins Build Failure Analyzer Plugin
Details

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability. The affected response is the one returned when a build log indication (a regular expression) is tested against the console output of an existing build: the text that matched is returned unescaped, so the issue is exploitable by attackers able to provide console output for builds used to test build log indications, and the payload runs in the browser of the user who performs that test (hence PR:L and UI:R in the CVSS vector).

Build Failure Analyzer Plugin 1.27.1 escapes matching text in the affected form validation response.
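As an added, illustrative example (not the plugin's own code), the pattern the advisory describes, modelled in Python: an indication regex is tested against constructed console output, and the matching line is placed in an HTML validation message. `vulnerable_validation_response` interpolates the match raw, as the affected versions effectively did; `hardened_validation_response` escapes it, which is the approach 1.27.1 takes. The function names, the response markup and the sample log are assumptions.

```python
import html
import re
from typing import Optional

# Constructed console output for a build; not taken from a real job. The last
# line is the kind of content an attacker who controls a build step (or the
# repository being built) can get written into the log.
CONSOLE_OUTPUT = """\
[INFO] Building project
[ERROR] Tests run: 3, Failures: 1
ERROR: Compilation failed <img src=x onerror=alert(document.cookie)>
"""


def find_matching_text(pattern: str, console_output: str) -> Optional[str]:
    """Return the first console line matching a build log indication (a regular
    expression), the way a 'test this indication against build N' check would.
    Illustrative helper, not the plugin's implementation."""
    regex = re.compile(pattern)
    for line in console_output.splitlines():
        if regex.search(line):
            return line
    return None


def vulnerable_validation_response(pattern: str, console_output: str) -> str:
    """What <= 1.27.0 effectively did: the matched text goes into the HTML
    validation message unescaped, so markup in the log is rendered (and any
    script in it runs) in the browser of whoever tests the indication."""
    match = find_matching_text(pattern, console_output)
    if match is None:
        return '<div class="error">Pattern did not match any line</div>'
    return f'<div class="ok">Pattern matched line: {match}</div>'


def hardened_validation_response(pattern: str, console_output: str) -> str:
    """The 1.27.1 approach: escape the matched text before placing it in markup."""
    match = find_matching_text(pattern, console_output)
    if match is None:
        return '<div class="error">Pattern did not match any line</div>'
    return f'<div class="ok">Pattern matched line: {html.escape(match, quote=True)}</div>'


def message_has_live_markup(response_html: str) -> bool:
    """Crude check: strip the fixed <div> wrapper and look for a tag start
    ('<' followed by a letter) inside the message, i.e. markup that survived
    from the log into the response."""
    inner = re.sub(r'^<div class="\w+">|</div>$', "", response_html)
    return re.search(r"<[a-zA-Z]", inner) is not None


if __name__ == "__main__":
    pattern = r"Compilation failed"
    for label, builder in (("vulnerable", vulnerable_validation_response),
                           ("hardened", hardened_validation_response)):
        response = builder(pattern, CONSOLE_OUTPUT)
        print(f"{label}: live markup = {message_has_live_markup(response)}")
        print(f"  {response}")
```

The escaping has to happen on the server side, in the response: the same `<img ... onerror=...>` string is harmless in the stored log and only becomes script when it is interpolated into markup the browser will render.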

Database specific
{
    "nvd_published_at": "2020-09-01T14:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-20T22:38:03Z"
}
References

Affected packages

Maven / com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Package

Name
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Purl
pkg:maven/com.sonyericsson.jenkins.plugins.bfa/build-failure-analyzer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.27.1

Affected versions

1.*

1.2.0
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1
1.10.0
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.14.0
1.15.0
1.16.0
1.17.0
1.17.1
1.17.2
1.18.0
1.18.1
1.19.0
1.19.1
1.19.2
1.20.0
1.21.0
1.22.0
1.23.0-beta-1
1.23.0
1.23.1
1.23.2
1.24.0
1.24.1
1.24.2
1.25.0
1.25.1
1.26.0
1.27.0

Database specific

{
    "last_known_affected_version_range": "<= 1.27.0"
}
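An added check (not part of the advisory or the plugin) for finding affected installs from the range above. It reads the shape of the output Jenkins' plugin manager returns at `/pluginManager/api/json?depth=1` (a constructed sample is embedded), compares the `build-failure-analyzer` version against the fixed version with an ordering that places `1.23.0-beta-1` below `1.23.0`, as the version list on this page does, and builds the request body for OSV's `/v1/query` endpoint without sending it. The sample data and helper names are assumptions.

```python
import json
from typing import List, Tuple

FIXED_VERSION = "1.27.1"                    # the advisory's "Fixed" event
ARTIFACT_ID = "build-failure-analyzer"      # Jenkins plugin shortName is the Maven artifactId
MAVEN_NAME = "com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer"

# Constructed sample in the shape of GET /pluginManager/api/json?depth=1
# (not captured from a real controller).
SAMPLE_PLUGIN_MANAGER_JSON = json.loads("""
{
  "plugins": [
    {"shortName": "git", "version": "4.11.3", "active": true, "enabled": true},
    {"shortName": "build-failure-analyzer", "version": "1.27.0", "active": true, "enabled": true},
    {"shortName": "matrix-auth", "version": "3.1.5", "active": true, "enabled": true}
  ]
}
""")


def parse_plugin_version(version: str) -> tuple:
    """Sortable key for plugin versions of the form seen on this page.
    '1.23.0'        -> ((1, 23, 0), 1, ())
    '1.23.0-beta-1' -> ((1, 23, 0), 0, ((0, 'beta'), (1, 1)))
    Numeric parts compare as integers and a pre-release sorts below its release.
    A shorter release tuple sorts before a padded one (1.2 < 1.2.0)."""
    release, _, prerelease = version.partition("-")
    numbers = tuple(int(part) for part in release.split("."))
    if not prerelease:
        return (numbers, 1, ())
    # Tag parts as (1, int) or (0, str) so mixed parts never raise TypeError.
    tagged = tuple((1, int(p)) if p.isdigit() else (0, p) for p in prerelease.split("-"))
    return (numbers, 0, tagged)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True for every version below the fix, matching the '<= 1.27.0' range."""
    return parse_plugin_version(version) < parse_plugin_version(fixed)


def find_affected(plugin_manager_json: dict) -> List[Tuple[str, str]]:
    """Return (shortName, version) for installed copies of the plugin that are affected."""
    hits = []
    for plugin in plugin_manager_json.get("plugins", []):
        if plugin.get("shortName") == ARTIFACT_ID and is_affected(plugin["version"]):
            hits.append((plugin["shortName"], plugin["version"]))
    return hits


def osv_query_body(version: str) -> dict:
    """Body for POST https://api.osv.dev/v1/query, which answers with the
    advisories matching this package and version. Built but not sent here."""
    return {"version": version, "package": {"name": MAVEN_NAME, "ecosystem": "Maven"}}


if __name__ == "__main__":
    for name, version in find_affected(SAMPLE_PLUGIN_MANAGER_JSON):
        print(f"{name} {version} is affected; upgrade to {FIXED_VERSION} or later")
        print(json.dumps(osv_query_body(version)))
```

The ordering helper covers only the version shapes listed above; snapshot or locally built plugin versions carry other suffixes and should be checked by hand.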