Stored XSS vulnerability in Description Column Plugin

2022-05-2417:28:26

Google

osv.dev

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CPENameOperatorVersion
org.jenkins-ci.plugins:description-column-plugineq1.1
org.jenkins-ci.plugins:description-column-plugineq1.2
org.jenkins-ci.plugins:description-column-plugineq1.3

Name	Operator	Version
org.jenkins-ci.plugins:description-column-plugin	eq	1.1
org.jenkins-ci.plugins:description-column-plugin	eq	1.2
org.jenkins-ci.plugins:description-column-plugin	eq	1.3