Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mY3I2LTZjcGgtdm1jbc06ug
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Permalink: https://github.com/advisories/GHSA-fcr6-6cph-vmcmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mY3I2LTZjcGgtdm1jbc06ug
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 5 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-fcr6-6cph-vmcm, CVE-2022-29040
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-29040
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617
- https://github.com/advisories/GHSA-fcr6-6cph-vmcm
Affected Packages
maven:org.jenkins-ci.tools:git-parameter
Affected Version Ranges: < 0.9.16Fixed in: 0.9.16