Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values. Custom Build Properties Plugin 2.82.v16d5b_d3590c7 escapes property values and build display names on the Custom Build Properties and Build Summary pages.
{ "nvd_published_at": "2022-12-12T09:15:00Z", "github_reviewed_at": "2022-12-12T22:16:49Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }