Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin

2022-02-1600:01:29

Google

osv.dev

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CPENameOperatorVersion
org.jenkins-ci.plugins:generic-webhook-triggereq1.66
org.jenkins-ci.plugins:generic-webhook-triggereq1.62
org.jenkins-ci.plugins:generic-webhook-triggereq1.54
org.jenkins-ci.plugins:generic-webhook-triggereq1.32
org.jenkins-ci.plugins:generic-webhook-triggereq1.30
org.jenkins-ci.plugins:generic-webhook-triggereq1.33
org.jenkins-ci.plugins:generic-webhook-triggereq1.80
org.jenkins-ci.plugins:generic-webhook-triggereq1.67
org.jenkins-ci.plugins:generic-webhook-triggereq1.39
org.jenkins-ci.plugins:generic-webhook-triggereq1.53

Name	Operator	Version
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.66
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.62
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.54
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.32
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.30
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.33
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.80
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.67
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.39
org.jenkins-ci.plugins:generic-webhook-trigger	eq	1.53