[MAVEN:GHSA-W3PJ-V9JR-V2WC] Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting.
This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form.
CloudBees CD Plugin no longer interprets HTML/JavaScript in responses from ElectricFlow server APIs on job configuration forms.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/electricflow | <= 1.1.6 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/electricflow | = 1.1.7 |
- ID
- MAVEN:GHSA-W3PJ-V9JR-V2WC
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-w3pj-v9jr-v2wc
- Published
-
2022-05-24T16:47:43
(2 years ago) - Modified
-
2023-12-22T10:55:02
(9 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | <= 1.1.6 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/electricflow | org.jenkins-ci.plugins | electricflow | = 1.1.7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |