[MAVEN:GHSA-GC2R-CCFH-62V9] Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

Micro Focus Application Automation Tools Plugin 6.7 and earlier does not escape user input in a form validation response.

This results in a reflected cross-site scripting (XSS) vulnerability.

Micro Focus Application Automation Tools Plugin 6.8 escapes user input in the affected form validation response.

A security hardening since Jenkins 2.275 and LTS 2.263.2 prevents exploitation of this vulnerability.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin	<= 6.7

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin	= 6.8

ID

MAVEN:GHSA-GC2R-CCFH-62V9

Severity

high

URL

https://github.com/advisories/GHSA-gc2r-ccfh-62v9

Published

2022-05-24T17:46:58
(2 years ago)

Modified

2023-12-22T13:28:10
(9 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2021-22510
			https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2175
			https://github.com/jenkinsci/hpe-application-automation-tools-plugin/commit/9fbd698401048644c325751e290f6d901128c1c7
			https://github.com/advisories/GHSA-gc2r-ccfh-62v9

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin	org.jenkins-ci.plugins	hp-application-automation-tools-plugin	<= 6.7
Fixed	pkg:maven/org.jenkins-ci.plugins/hp-application-automation-tools-plugin	org.jenkins-ci.plugins	hp-application-automation-tools-plugin	= 6.8

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date