An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg

Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago

CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-35h9-h439-vvmr, CVE-2022-27213
References: Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 1.1.10
No known fixed version