GHSA-6G4R-Q7QG-6QX6 Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list vie...

PT-2022-22040 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.340 through 2.355 Description: The tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability. This issue is exploitable by attackers...