4 matches found
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2022-27207 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2022-27207...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-27207
CVE-2022-27207 describes a stored XSS vulnerability in the Jenkins global-build-stats Plugin, affecting versions 1.5 and earlier. The issue arises because multiple fields in the chart configuration on the Global Build Stats page are not escaped, enabling an attacker with Overall/Administer permis...