Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Permalink: https://github.com/advisories/GHSA-7756-56hr-2vcpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-7756-56hr-2vcp, CVE-2022-27212
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27212
- https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167
- http://www.openwall.com/lists/oss-security/2022/03/15/2
- https://github.com/advisories/GHSA-7756-56hr-2vcp
Affected Packages
maven:org.jenkins-ci.plugins:list-git-branches-parameter
Affected Version Ranges: <= 0.0.9No known fixed version