Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NzdyLXYyMnEtcjQyZs4AAYT9
Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.
Permalink: https://github.com/advisories/GHSA-477r-v22q-r42fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NzdyLXYyMnEtcjQyZs4AAYT9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 4 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-477r-v22q-r42f, CVE-2017-1000088
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000088
- https://jenkins.io/security/advisory/2017-07-10/
- https://github.com/advisories/GHSA-477r-v22q-r42f
Affected Packages
maven:org.jenkins-ci.plugins:sidebar-link
Affected Version Ranges: <= 1.8Fixed in: 1.9