[JENKINS:SECURITY-2268] Stored XSS vulnerability in `agent-server-parameter`

Severity: High
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

agent-server-parameter 1.0 and earlier does not escape parameter names of agent server parameters.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

agent-server-parameter 1.1 escapes parameter names of agent server parameters.

ID: JENKINS:SECURITY-2268
Severity: high
Published: 2022-02-15T00:00:00
Modified: 2022-02-15T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository agent-server-parameter repository https://github.com/jenkinsci/agent-server-parameter-plugin
| Type | Package URL | Namespace | Name / Product | Version |
|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/agent-server-parameter | org.jenkins-ci.plugins | agent-server-parameter | <= 1.0 |
| Fixed | pkg:maven/org.jenkins-ci.plugins/agent-server-parameter | org.jenkins-ci.plugins | agent-server-parameter | = 1.1 |
| Affected | pkg:github/jenkinsci/agent-server-parameter-plugin | jenkinsci | agent-server-parameter-plugin | <= 1.0 |
| Fixed | pkg:github/jenkinsci/agent-server-parameter-plugin | jenkinsci | agent-server-parameter-plugin | = 1.1 |