Persistent XSS vulnerability in Static Analysis Utilities

2022-05-1700:29:01

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

CPENameOperatorVersion
org.jvnet.hudson.plugins:analysis-coreeq1.64
org.jvnet.hudson.plugins:analysis-coreeq1.15
org.jvnet.hudson.plugins:analysis-coreeq1.27
org.jvnet.hudson.plugins:analysis-coreeq1.4
org.jvnet.hudson.plugins:analysis-coreeq1.49
org.jvnet.hudson.plugins:analysis-coreeq1.91
org.jvnet.hudson.plugins:analysis-coreeq1.90
org.jvnet.hudson.plugins:analysis-coreeq1.37
org.jvnet.hudson.plugins:analysis-coreeq1.65
org.jvnet.hudson.plugins:analysis-coreeq1.56

Name	Operator	Version
org.jvnet.hudson.plugins:analysis-core	eq	1.64
org.jvnet.hudson.plugins:analysis-core	eq	1.15
org.jvnet.hudson.plugins:analysis-core	eq	1.27
org.jvnet.hudson.plugins:analysis-core	eq	1.4
org.jvnet.hudson.plugins:analysis-core	eq	1.49
org.jvnet.hudson.plugins:analysis-core	eq	1.91
org.jvnet.hudson.plugins:analysis-core	eq	1.90
org.jvnet.hudson.plugins:analysis-core	eq	1.37
org.jvnet.hudson.plugins:analysis-core	eq	1.65
org.jvnet.hudson.plugins:analysis-core	eq	1.56