GHSA-rvg5-f5fj-mxvg

Source

https://github.com/advisories/GHSA-rvg5-f5fj-mxvg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rvg5-f5fj-mxvg/GHSA-rvg5-f5fj-mxvg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rvg5-f5fj-mxvg

Aliases

CVE-2022-29036

Published

2022-04-13T00:00:18Z

Modified

2023-11-08T04:09:06.726833Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Jenkins Credentials Plugin

Details

Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

Affected packages

Maven / org.jenkins-ci.plugins:credentials

Package

Name: org.jenkins-ci.plugins:credentials; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/credentials

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1.1

Affected versions

1.*

1.0

1.1

1.2

1.3

1.3.1

1.4

1.5

1.6

1.7

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.16.1

1.17

1.18

1.19

1.20

1.21

1.22

1.23

1.24

1.25

1.26

1.27

1.28

2.*

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.2.0

2.2.1

2.3.0

2.3.0.1

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.7.1

2.3.8

2.3.9

2.3.10

2.3.11

2.3.12

2.3.13

2.3.13.1

2.3.14

2.3.14.1

2.3.15

2.3.15.1

2.3.17

2.3.18

2.3.19

2.4

2.4.0.1

2.4.1

2.5

2.6

2.6.1

Database specific

{
    "last_known_affected_version_range": "<= 2.6.1"
}

Maven / org.jenkins-ci.plugins:credentials

Package

Name: org.jenkins-ci.plugins:credentials; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/credentials

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.2

Fixed

1074.1076.v39c30cecb_0e2

Affected versions

2.*

2.6.2

1055.*

1055.v1346ba467ba1

1061.*

1061.vb_1fceb_58fa_18

1074.*

1074.v60e6c29b_b_44b_

Database specific

{
    "last_known_affected_version_range": "<= 1074.v60e6c29b"
}

Maven / org.jenkins-ci.plugins:credentials

Package

Name: org.jenkins-ci.plugins:credentials; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/credentials

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1087.v16065d268466

Fixed

1087.1089.v2f1b_9a_b_040e4

Affected versions

1087.*

1087.v16065d268466

Maven / org.jenkins-ci.plugins:credentials

Package

Name: org.jenkins-ci.plugins:credentials; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/credentials

GHSA-rvg5-f5fj-mxvg

Affected packages

Maven / org.jenkins-ci.plugins:credentials

Package

Affected ranges

Affected versions

1.*

2.*

Database specific

Maven / org.jenkins-ci.plugins:credentials

Package

Affected ranges

Affected versions

2.*

1055.*

1061.*

1074.*

Database specific

Maven / org.jenkins-ci.plugins:credentials

Package

Affected ranges

Affected versions

1087.*

Maven / org.jenkins-ci.plugins:credentials

Package

Affected ranges

Affected versions

1105.*