
Cross site scripting in Jenkins Embeddable Build Status Plugin

Description

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.


Affected Software


Name                                              Version
org.jenkins-ci.plugins:embeddable-build-status    1.0
org.jenkins-ci.plugins:embeddable-build-status    1.1
org.jenkins-ci.plugins:embeddable-build-status    1.2
org.jenkins-ci.plugins:embeddable-build-status    1.3
org.jenkins-ci.plugins:embeddable-build-status    1.4
org.jenkins-ci.plugins:embeddable-build-status    1.5
org.jenkins-ci.plugins:embeddable-build-status    1.6
org.jenkins-ci.plugins:embeddable-build-status    1.7
org.jenkins-ci.plugins:embeddable-build-status    1.8
org.jenkins-ci.plugins:embeddable-build-status    1.9
org.jenkins-ci.plugins:embeddable-build-status    2.0
org.jenkins-ci.plugins:embeddable-build-status    2.0-beta1
org.jenkins-ci.plugins:embeddable-build-status    2.0-beta2
org.jenkins-ci.plugins:embeddable-build-status    2.0.1
org.jenkins-ci.plugins:embeddable-build-status    2.0.2
org.jenkins-ci.plugins:embeddable-build-status    2.0.3
