Jenkins Maven Release Plugin vulnerable to Cross-site Scripting
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Dec 6, 2023
Package
Affected versions
< 0.15.0
Patched versions
0.15.0
Description
Published by the National Vulnerability Database
Jul 31, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Mar 3, 2023
Last updated
Dec 6, 2023
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Variables on affected views are now escaped.
References