Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability

2022-05-2417:03:48

Google

osv.dev

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.3%

JSON

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.

CPENameOperatorVersion
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.0
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.7
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.2
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.8
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.4
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.3
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.1
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.6
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.5
com.paul8620.jenkins.plugins:pipeline-aggregator-vieweq1.4.1

Name	Operator	Version
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.0
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.7
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.2
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.8
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.4
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.3
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.1
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.6
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.5
com.paul8620.jenkins.plugins:pipeline-aggregator-view	eq	1.4.1