Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
Permalink: https://github.com/advisories/GHSA-35h9-h439-vvmrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-35h9-h439-vvmr, CVE-2022-27213
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27213
- https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2252
- http://www.openwall.com/lists/oss-security/2022/03/15/2
- https://github.com/advisories/GHSA-35h9-h439-vvmr
Affected Packages
maven:io.jenkins.plugins:environment-dashboard
Affected Version Ranges: <= 1.1.10No known fixed version