First published: Tue May 16 2023
Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Loadcomplete Support | <=1.0 | |
maven/org.jenkins-ci.plugins:loadcomplete | <=1.0 | |