GHSA-hvmc-7g2x-r3p9

Source

https://github.com/advisories/GHSA-hvmc-7g2x-r3p9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvmc-7g2x-r3p9/GHSA-hvmc-7g2x-r3p9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-hvmc-7g2x-r3p9

Aliases

Published

2022-05-24T17:25:24Z

Modified

2024-01-02T05:52:03.908824Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins Cross-Site Scripting vulnerability in help icons

Details

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.

Database specific

{
    "nvd_published_at": "2020-08-12T14:15:00Z",
    "github_reviewed_at": "2022-06-23T23:18:53Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.235.4

Affected versions

1.*

1.396

1.397

1.398

1.399

1.400

1.401

1.403

1.404

1.405

1.406

1.407

1.408

1.409

1.409.1

1.409.2

1.409.3

1.410

1.411

1.412

1.413

1.414

1.415

1.416

1.417

1.418

1.419

1.420

1.421

1.422

1.423

1.424

1.424.1

1.424.2

1.424.3

1.424.4

1.424.5

1.424.6

1.425

1.426

1.427

1.428

1.429

1.430

1.431

1.432

1.433

1.434

1.435

1.436

1.437

1.438

1.439

1.440

1.441

1.442

1.443

1.444

1.445

1.446

1.447

1.447.1

1.447.2

1.448

1.449

1.450

1.451

1.452

1.453

1.454

1.455

1.456

1.457

1.458

1.459

1.460

1.461

1.462

1.463

1.464

1.465

1.466

1.466.1

1.466.2

1.467

1.468

1.469

1.470

1.471

1.472

1.473

1.474

1.475

1.476

1.477

1.478

1.479

1.480

1.480.1

1.480.2

1.480.3

1.481

1.482

1.483

1.484

1.485

1.486

1.487

1.488

1.489

1.490

1.491

1.492

1.493

1.494

1.495

1.496

1.497

1.498

1.499

1.500

1.501

1.502

1.503

1.504

1.505

1.506

1.507

1.508

1.509

1.509.1

1.509.2

1.509.2.JENKINS-8856-diag

1.509.2.JENKINS-14362-jzlib

1.509.3

1.509.3.JENKINS-14362-jzlib

1.509.4

1.510

1.511

1.512

1.513

1.514

1.515

1.516

1.516.JENKINS-14362-jzlib

1.517

1.518

1.518.JENKINS-14362-jzlib

1.519

1.520

1.521

1.522

1.523

1.524

1.525

1.526

1.527

1.528

1.529

1.530

1.531

1.532

1.532.1

1.532.1.JENKINS-19453

1.532.2

1.532.2.JENKINS-21622-diag

1.532.2.JENKINS-22395-diag

1.532.3

1.532.3.JENKINS-22395

1.532.3.JENKINS-22395-2

1.533

1.534

1.535

1.536

1.537

1.538

1.539

1.540

1.541

1.542

1.543

1.544

1.545

1.546

1.547

1.548

1.549

1.550

1.551

1.552

1.553

1.554

1.554.1

1.554.2

1.554.3

1.554.3.JENKINS-18065-ALLRM-all

1.554.3.JENKINS-18065-JENKINS-23945

1.555

1.556

1.557

1.558

1.559

1.560

1.561

1.562

1.563

1.564

1.565

1.565.1

1.565.1.JENKINS-22395-dropLinks

1.565.2

1.565.3

1.566

1.567

1.568

1.569

1.570

1.571

1.572

1.573

1.574

1.575

1.576

1.577

1.578

1.579

1.580

1.580.1

1.580.2

1.580.3

1.581

1.582

1.583

1.584

1.585

1.586

1.587

1.588

1.589

1.590

1.591

1.592

1.593

1.594

1.595

1.596

1.596.1

1.596.2

1.596.3

1.597

1.598

1.599

1.600

1.601

1.602

1.604

1.605

1.606

1.607

1.608

1.609

1.609.1

1.609.2

1.609.3

1.610

1.611

1.612

1.613

1.614

1.615

1.616

1.617

1.618

1.619

1.620

1.621

1.622

1.623

1.624

1.625

1.625.1

1.625.2

1.625.3

1.626

1.627

1.628

1.629

1.630

1.631

1.632

1.633

1.634

1.635

1.636

1.637

1.638

1.639

1.640

1.641

1.642

1.642.1

1.642.2

1.642.3

1.642.4

1.643

1.644

1.645

1.646

1.647

1.648

1.649

1.650

1.651

1.651.1

1.651.2

1.651.3

1.652

1.653

1.654

1.655

1.656

1.657

1.658

2.*

2.0-alpha-1

2.0-alpha-2

2.0-alpha-3

2.0-alpha-4

2.0-beta-1

2.0-beta-2

2.0-rc-1

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.7.1

2.7.2

2.7.3

2.7.4

2.8

2.9

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.19

2.19.1

2.19.2

2.19.3

2.19.4

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.29

2.30

2.31

2.32

2.32.1

2.32.2

2.32.3

2.33

2.34

2.35

2.36

2.37

2.38

2.39

2.40

2.41

2.42

2.43

2.44

2.45

2.46

2.46.1

2.46.2

2.46.3

2.47

2.48

2.49

2.50

2.51

2.52

2.53

2.54

2.55

2.56

2.57

2.58

2.59

2.60

2.60.1

2.60.2

2.60.3

2.61

2.62

2.63

2.64

2.65

2.66

2.67

2.68

2.69

2.70

2.71

2.72

2.73

2.73.1

2.73.2

2.73.3

2.74

2.75

2.76

2.77

2.78

2.79

2.80

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.89.1

2.89.2

2.89.3

2.89.4

2.90

2.91

2.92

2.93

2.94

2.95

2.96

2.97

2.98

2.99

2.100

2.101

2.102

2.103

2.104

2.105

2.106

2.107

2.107.1

2.107.2

2.107.3

2.108

2.109

2.110

2.111

2.112

2.113

2.114

2.115

2.116

2.117

2.118

2.119

2.120

2.121

2.121.1

2.121.2

2.121.3

2.122

2.123

2.124

2.125

2.126

2.127

2.128

2.129

2.130

2.131

2.132

2.133

2.134

2.135

2.136

2.137

2.138

2.138.1

2.138.2

2.138.3

2.138.4

2.140

2.141

2.142

2.143

2.144

2.145

2.146

2.147

2.148

2.149

2.150

2.150.1

2.150.2

2.150.3

2.151

2.152

2.153

2.154

2.155

2.156

2.157

2.158

2.159

2.160

2.161

2.162

2.163

2.164

2.164.1

2.164.2

2.164.3

2.165

2.166

2.167

2.168

2.169

2.170

2.171

2.172

2.173

2.174

2.175

2.176

2.176.1

2.176.2

2.176.3

2.176.4

2.177

2.178

2.179

2.180

2.181

2.182

2.183

2.184

2.185

2.186

2.187

2.189

2.190

2.190.1

2.190.2

2.190.3

2.191

2.192

2.193

2.194

2.195

2.196

2.197

2.198

2.199

2.200

2.201

2.202

2.203

2.204

2.204.1

2.204.2

2.204.3

2.204.4

2.204.5

2.204.6

2.205

2.206

2.207

2.208

2.209

2.210

2.211

2.212

2.213

2.214

2.215

2.216

2.217

2.218

2.219

2.220

2.221

2.222

2.222.1

2.222.3

2.222.4

2.223

2.224

2.225

2.226

2.227

2.228

2.229

2.230

2.231

2.232

2.233

2.234

2.235

2.235.1

2.235.2

2.235.3

Database specific

last_known_affected_version_range

"<= 2.235.3"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvmc-7g2x-r3p9/GHSA-hvmc-7g2x-r3p9.json"

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.236

Fixed

2.252

Affected versions

2.*

2.236

2.237

2.238

2.239

2.240

2.241

2.242

2.243

2.244

2.245

2.246

2.247

2.248

2.249

2.249.1

2.249.2

2.249.3

2.250

2.251

Database specific

last_known_affected_version_range

"<= 2.251"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvmc-7g2x-r3p9/GHSA-hvmc-7g2x-r3p9.json"