GHSA-rfrq-3v89-fqg6

Suggest an improvement
Source
https://github.com/advisories/GHSA-rfrq-3v89-fqg6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfrq-3v89-fqg6/GHSA-rfrq-3v89-fqg6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rfrq-3v89-fqg6
Aliases
Published
2022-05-24T17:22:20Z
Modified
2023-11-01T04:52:25.503018Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Reflected XSS in Jenkins Compatibility Action Storage Plugin
Details

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

Database specific 
{
    "nvd_published_at": "2020-07-02T15:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-29T01:27:51Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:compatibility-action-storage

Package

Name
org.jenkins-ci.plugins:compatibility-action-storage
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/compatibility-action-storage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfrq-3v89-fqg6/GHSA-rfrq-3v89-fqg6.json"