Stored XSS vulnerability in Jenkins Valgrind Plugin

2022-05-2417:27:06

Google

osv.dev

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.

CPENameOperatorVersion
org.jenkins-ci.plugins:valgrindeq0.28
org.jenkins-ci.plugins:valgrindeq0.15
org.jenkins-ci.plugins:valgrindeq0.14
org.jenkins-ci.plugins:valgrindeq0.21
org.jenkins-ci.plugins:valgrindeq0.19
org.jenkins-ci.plugins:valgrindeq0.10
org.jenkins-ci.plugins:valgrindeq0.4
org.jenkins-ci.plugins:valgrindeq0.18
org.jenkins-ci.plugins:valgrindeq0.17
org.jenkins-ci.plugins:valgrindeq0.12

Name	Operator	Version
org.jenkins-ci.plugins:valgrind	eq	0.28
org.jenkins-ci.plugins:valgrind	eq	0.15
org.jenkins-ci.plugins:valgrind	eq	0.14
org.jenkins-ci.plugins:valgrind	eq	0.21
org.jenkins-ci.plugins:valgrind	eq	0.19
org.jenkins-ci.plugins:valgrind	eq	0.10
org.jenkins-ci.plugins:valgrind	eq	0.4
org.jenkins-ci.plugins:valgrind	eq	0.18
org.jenkins-ci.plugins:valgrind	eq	0.17
org.jenkins-ci.plugins:valgrind	eq	0.12