GHSA-wrr5-p265-7252

Suggest an improvement
Source
https://github.com/advisories/GHSA-wrr5-p265-7252
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wrr5-p265-7252/GHSA-wrr5-p265-7252.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wrr5-p265-7252
Aliases
Published
2022-05-24T22:00:03Z
Modified
2024-02-16T08:11:28.197147Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Jenkins Warnings NG Plugin Cross-site scripting vulnerability
Details

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.

Database specific 
{
    "severity": "MODERATE",
    "github_reviewed_at": "2024-01-30T21:27:43Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2019-05-31T15:29:00Z",
    "github_reviewed": true
}
References

Affected packages

Maven / io.jenkins.plugins:warnings-ng

Package

Name
io.jenkins.plugins:warnings-ng
View open source insights on deps.dev
Purl
pkg:maven/io.jenkins.plugins/warnings-ng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.0

Affected versions

1.*

1.0.0-beta1
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6
1.0.0-beta7
1.0.0-beta8
1.0.0-beta9
1.0.0-beta10
1.0.0
1.0.1

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1

3.*

3.0.0
3.0.1
3.0.3

4.*

4.0.0

5.*

5.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wrr5-p265-7252/GHSA-wrr5-p265-7252.json"

last_known_affected_version_range

"<= 5.0.0"