[MAVEN:GHSA-64R9-X74Q-WXMH] Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks to build logs that send POST requests when clicked. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, and by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it.

Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.

Pipeline: Supporting APIs Plugin 839.v35e2736cfd5c properly encodes URLs of these hyperlinks in build logs.
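As an added example (not the plugin's own code; the markup shape, the `post-link` class and the helper names are assumptions made for illustration), the stand-alone Java class below shows the vulnerable concatenation of a URL into console-log hyperlink markup next to a hardened version that both restricts the URL scheme and encodes the URL for the HTML attribute context:

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not the plugin's code): how an unencoded URL in a build-log
 * hyperlink becomes stored XSS, and the two checks that close it.
 */
public final class PostHyperlinkDemo {

    /** Vulnerable pattern: the URL is concatenated into the anchor markup as-is. */
    static String vulnerableLink(String url, String text) {
        return "<a href='" + url + "' class='post-link'>" + text + "</a>";
    }

    /** Encode a string for use inside a quoted HTML attribute value. */
    static String attrEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Matches a URL scheme prefix such as "javascript:" or "https:". */
    private static final Pattern SCHEME = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");

    /**
     * Allow relative URLs and http(s) only. Control characters and whitespace are
     * stripped before matching because browsers ignore them inside a scheme
     * (for example "java\tscript:"), so a naive prefix check would be bypassed.
     */
    static boolean isSafeHref(String url) {
        String cleaned = url.replaceAll("[\\x00-\\x20]", "");
        Matcher m = SCHEME.matcher(cleaned);
        if (!m.find()) {
            return true; // no scheme at all: a relative URL such as "/some/path"
        }
        String scheme = m.group().toLowerCase(Locale.ROOT);
        return scheme.equals("http:") || scheme.equals("https:");
    }

    /** Hardened pattern: validate the scheme, then encode for the attribute context. */
    static String hardenedLink(String url, String text) {
        if (!isSafeHref(url)) {
            throw new IllegalArgumentException("refusing href with unsafe scheme");
        }
        return "<a href='" + attrEncode(url) + "' class='post-link'>" + attrEncode(text) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed attacker input: a user who can create Pipelines influences this string.
        // The single quote terminates the href attribute early in the vulnerable version,
        // so the remainder is parsed by the browser as an event-handler attribute.
        String payload = "x' onmouseover='alert(document.cookie)";

        System.out.println(vulnerableLink(payload, "Proceed"));
        System.out.println(hardenedLink(payload, "Proceed"));

        // A script-scheme URL survives attribute encoding untouched, which is why the
        // scheme check is needed in addition to encoding.
        try {
            hardenedLink("javascript:alert(1)", "Proceed");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The two defences address different failure modes: attribute encoding keeps attacker-controlled characters inside the `href` value so they cannot open a new attribute, while the scheme allow-list stops a `javascript:` URL that encoding alone would pass through intact. If the URL is also placed into a JavaScript string (for example inside an `onclick` handler), that context needs its own JavaScript-string escaping on top of the HTML attribute encoding shown here.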

Affected package: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support, versions < 839.v35e2736cfd5c
Fixed package: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support, version = 839.v35e2736cfd5c
ID: MAVEN:GHSA-64R9-X74Q-WXMH
Severity: high
URL: https://github.com/advisories/GHSA-64r9-x74q-wxmh
Published: 2022-10-19T19:00:22
Modified: 2024-01-04T12:14:15
Rights: Maven Security Team
Other Advisories
Type      Package URL                                                  Namespace                        Name / Product    Version               Distribution / Platform   Arch   Patch / Fix
Affected  pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support   org.jenkins-ci.plugins.workflow  workflow-support  < 839.v35e2736cfd5c   -                         -      -
Fixed     pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support   org.jenkins-ci.plugins.workflow  workflow-support  = 839.v35e2736cfd5c   -                         -      -
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Publication Date Modification Date