GHSA-x63v-prhc-xx6f

Source

https://github.com/advisories/GHSA-x63v-prhc-xx6f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-x63v-prhc-xx6f/GHSA-x63v-prhc-xx6f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x63v-prhc-xx6f

Aliases

CVE-2022-28149

Published

2022-03-30T00:00:23Z

Modified

2023-11-08T04:09:02.291086Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin

Details

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Database specific

{
    "nvd_published_at": "2022-03-29T13:15:00Z",
    "github_reviewed_at": "2022-11-30T20:56:10Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / com.synopsys.jenkinsci:ownership

Package

Name: com.synopsys.jenkinsci:ownership; View open source insights on deps.dev
Purl: pkg:maven/com.synopsys.jenkinsci/ownership

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.13.0

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.3

0.3.1

0.4

0.5

0.5.1

0.6

0.7

0.8

0.9.0-beta-1

0.9.0

0.9.1

0.10.0

0.11.0

0.12.0

0.12.1

0.13.0