Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site…
jenkins·CWE-79·Published 2021-03-30
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Build With Parameters Plugin 1.5.1 escapes parameter names and descriptions.
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Build With Parameters Plugin 1.5.1 escapes parameter names and descriptions.
Jenkins Build With Parameters Plugin versiones 1.5 y anteriores, no escapan unos nombres y descripciones de parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso Job/Configure.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 5.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |