Updated: 2023-11-23 19:23:25.598776
Description:
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.3 |
CVSS Version 3.x | MEDIUM | 6.1 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
CentOS 7 ELS | git | 1.8.3 | 6.1 | MEDIUM | Not Vulnerable | | 2024-03-11 09:53:11 |
CentOS 8.4 ELS | git | 2.27.0 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
CentOS 8.5 ELS | git | 2.27.0 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
CloudLinux 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
Oracle Linux 6 ELS | git | 1.7.1 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:34 |
Ubuntu 16.04 ELS | git | 2.7.4 | 6.1 | MEDIUM | Ignored | | 2023-02-08 04:03:36 |
Ubuntu 18.04 ELS | git | 2.17.1 | 6.1 | MEDIUM | Not Vulnerable | | 2024-05-09 10:22:05 |