GHSA-fv4q-4h24-23qr

Suggest an improvement
Source
https://github.com/advisories/GHSA-fv4q-4h24-23qr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fv4q-4h24-23qr/GHSA-fv4q-4h24-23qr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-fv4q-4h24-23qr
Aliases
Published
2022-05-24T16:55:59Z
Modified
2024-01-02T05:51:56.161253Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
Details

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view.

Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.

Database specific
{
    "nvd_published_at": "2019-09-12T14:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-02T16:40:43Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:dashboard-view

Package

Name
org.jenkins-ci.plugins:dashboard-view
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/dashboard-view

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.12

Affected versions

2.*

2.0
2.0.1
2.0.2
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.9
2.9.10
2.9.11
2.9.12
2.10
2.11