Updated: 2024-11-30 03:34:58.873549
Description:
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | LOW | 3.5 |
CVSS Version 3.x | MEDIUM | 5.4 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | subversion | 1.6.11 | 5.4 | MEDIUM | Ignored | 2022-04-21 07:04:37 | ||
CentOS 8.4 ELS | subversion | 1.10.2 | 5.4 | MEDIUM | Ignored | 2022-04-21 07:04:37 | ||
CentOS 8.5 ELS | subversion | 1.10.2 | 5.4 | MEDIUM | Ignored | 2022-04-24 12:48:26 | ||
CloudLinux 6 ELS | subversion | 1.6.11 | 5.4 | MEDIUM | Ignored | 2022-04-21 07:04:37 | ||
Oracle Linux 6 ELS | subversion | 1.6.11 | 5.4 | MEDIUM | Ignored | 2022-04-21 07:04:37 | ||
Ubuntu 16.04 ELS | subversion | 1.9.3-2 | 5.4 | MEDIUM | Ignored | 2022-04-21 07:04:37 | ||
Ubuntu 18.04 ELS | subversion | 1.9.7-4 | 5.4 | MEDIUM | Ignored | 2023-06-22 17:07:11 |