Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
CPE | Name | Operator | Version |
---|---|---|---|
custom_build_properties | eq | <= 2.79.vc95ccc85094 |