[MAVEN:GHSA-WJ78-8XRX-PHR7] Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Severity
Moderate
Affected Packages
1
CVEs
1
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/global-build-stats | <= 1.5 |
- ID
- MAVEN:GHSA-WJ78-8XRX-PHR7
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-wj78-8xrx-phr7
- Published
-
2022-03-16T00:00:43
(2 years ago) - Modified
-
2023-12-28T19:40:24
(8 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/global-build-stats | org.jenkins-ci.plugins | global-build-stats | <= 1.5 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |