[MAVEN:GHSA-3XJQ-8J89-XRW9] Jenkins Badge Plugin cross-site scripting vulnerability

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier, in BadgeSummaryAction.java and HtmlBadgeAction.java. It allows attackers who are able to control build badge content to define JavaScript that is executed in another user's browser when that user performs some UI actions. Badge Plugin 1.5 and newer sanitizes the provided HTML for display on the Jenkins web UI.

Affected package: pkg:maven/org.jenkins-ci.plugins/badge <= 1.4
Fixed package: pkg:maven/org.jenkins-ci.plugins/badge = 1.5
ID: MAVEN:GHSA-3XJQ-8J89-XRW9
Severity: moderate
URL: https://github.com/advisories/GHSA-3xjq-8j89-xrw9
Published: 2022-05-14T03:05:27 (2 years ago)
Modified: 2023-12-18T09:22:02 (9 months ago)
Rights: Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/badge org.jenkins-ci.plugins badge <= 1.4
Fixed pkg:maven/org.jenkins-ci.plugins/badge org.jenkins-ci.plugins badge = 1.5