GHSA-24g8-35x9-fv8r

Suggest an improvement
Source
https://github.com/advisories/GHSA-24g8-35x9-fv8r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-24g8-35x9-fv8r/GHSA-24g8-35x9-fv8r.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-24g8-35x9-fv8r
Aliases
Published
2022-05-24T17:33:09Z
Modified
2023-11-01T04:52:32.526207Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Stored XSS vulnerability in Jenkins FindBugs Plugin
Details

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

Database specific
{
    "nvd_published_at": "2020-11-04T15:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-22T13:48:15Z"
}
References

Affected packages

Maven / org.jvnet.hudson.plugins:findbugs

Package

Name
org.jvnet.hudson.plugins:findbugs
View open source insights on deps.dev
Purl
pkg:maven/org.jvnet.hudson.plugins/findbugs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.0.0

Affected versions

1.*

1.0
1.1

2.*

2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22

3.*

3.0
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10
3.11
3.12
3.13

4.*

4.0
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.50
4.51
4.55
4.56
4.57
4.58
4.59
4.60
4.61
4.62
4.63
4.64
4.65
4.69
4.70
4.71
4.72
4.73-beta

5.*

5.0.0-beta2
5.0.0-beta3
5.0.0