Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA

Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Permalink: https://github.com/advisories/GHSA-7756-56hr-2vcp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 4 months ago

CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-7756-56hr-2vcp, CVE-2022-27212
References:

• https://nvd.nist.gov/vuln/detail/CVE-2022-27212
• https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167
• http://www.openwall.com/lists/oss-security/2022/03/15/2
• https://github.com/advisories/GHSA-7756-56hr-2vcp

Affected Packages