Cross site scripting

2022-10-1916:15:00

PRIOn knowledge base

www.prio-n.com

jenkins

pipeline

api

xss

vulnerability

hyperlinks

post requests

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.