3 matches found
Stored XSS vulnerability in Jenkins Git Plugin
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted commit notifications to th...
Cross-site Scripting (XSS)
jenkins Git Plugin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause...
CVE-2021-21684
A stored cross-site scripting XSS vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...