[MAVEN:GHSA-64R9-X74Q-WXMH] Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Severity: High
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks to build logs that send POST requests when clicked. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, and by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it.
Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
Pipeline: Supporting APIs Plugin 839.v35e2736cfd5c properly encodes URLs of these hyperlinks in build logs.
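To make the defect concrete, here is an added Python illustration (not the plugin's code, which is Java) of a build-log POST hyperlink rendered with and without attribute encoding, plus a parser-based check that shows what a browser would actually see. The URL value, the function names and the scheme allow-list are all constructed for this example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input (not from the advisory): a link target controlled by
# whoever defines the Pipeline. The embedded double quote terminates the href
# attribute when the value is copied into HTML without encoding.
UNTRUSTED_URL = '/job/demo/1/input/Abc/proceed" title="injected'


class AnchorInspector(HTMLParser):
    """Collect the attributes of every <a> tag, i.e. what the browser's parser sees."""

    def __init__(self):
        super().__init__()
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchors.append(dict(attrs))


def anchors_in(markup):
    parser = AnchorInspector()
    parser.feed(markup)
    return parser.anchors


def render_post_link_vulnerable(url, text):
    # Weak form: raw interpolation into an attribute value, the pattern the advisory describes.
    return f'<a href="{url}" class="post-link">{text}</a>'


def is_acceptable_link_target(url):
    # Defence in depth beyond encoding (hypothetical policy): only relative or http(s)
    # targets, and no non-printable characters that could confuse downstream parsers.
    parts = urlsplit(url)
    if parts.scheme not in ("", "http", "https"):
        return False
    return all(ch.isprintable() for ch in url)


def render_post_link_hardened(url, text):
    # Fixed form: encode for the HTML attribute context (quotes, <, >, &) and reject odd schemes.
    if not is_acceptable_link_target(url):
        raise ValueError("unacceptable link target")
    return f'<a href="{html.escape(url, quote=True)}" class="post-link">{html.escape(text)}</a>'


if __name__ == "__main__":
    print(anchors_in(render_post_link_vulnerable(UNTRUSTED_URL, "Proceed")))
    print(anchors_in(render_post_link_hardened(UNTRUSTED_URL, "Proceed")))
```

The vulnerable rendering yields an anchor with an extra `title` attribute the author never wrote, while the hardened rendering round-trips the URL as a single attribute value.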
| Package | Affected Version |
|---|---|
| pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support | < 839.v35e2736cfd5c |

| Package | Fixed Version |
|---|---|
| pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support | = 839.v35e2736cfd5c |
- ID: MAVEN:GHSA-64R9-X74Q-WXMH
- Severity: high
- URL: https://github.com/advisories/GHSA-64r9-x74q-wxmh
- Published: 2022-10-19T19:00:22
- Modified: 2024-01-04T12:14:15
- Rights: Maven Security Team
- Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support | org.jenkins-ci.plugins.workflow | workflow-support | < 839.v35e2736cfd5c | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support | org.jenkins-ci.plugins.workflow | workflow-support | = 839.v35e2736cfd5c | | | |