[MAVEN:GHSA-XMW5-45V9-PXQX] XSS vulnerability in Jenkins TICS Plugin

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses.

This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.

Jenkins TICS Plugin 2020.3.0.7 escapes TICS service responses, or strips HTML out, as appropriate.

Package	Affected Version
pkg:maven/io.jenkins.plugins/tics	<= 2020.3.0.6

Package	Fixed Version
pkg:maven/io.jenkins.plugins/tics	= 2020.3.0.7

ID

MAVEN:GHSA-XMW5-45V9-PXQX

Severity

moderate

URL

https://github.com/advisories/GHSA-xmw5-45v9-pxqx

Published

2022-05-24T17:39:13
(2 years ago)

Modified

2023-12-14T15:38:42
(9 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2021-21613
			https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2098
			https://github.com/jenkinsci/tics-plugin/commit/a64493ccf81a241c5e51736721c4fe9a3e56622b
			https://github.com/advisories/GHSA-xmw5-45v9-pxqx

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/io.jenkins.plugins/tics	io.jenkins.plugins	tics	<= 2020.3.0.6
Fixed	pkg:maven/io.jenkins.plugins/tics	io.jenkins.plugins	tics	= 2020.3.0.7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date