摘要:
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
安全等级: Low
公告ID: KylinSec-SA-2022-1951
发布日期: 2022年8月25日
关联CVE: CVE-2022-29046
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-29046 | KY3.4-4A | subversion | Unaffected |
| CVE-2022-29046 | KY3.4-5 | subversion | Unaffected |
| CVE-2022-29046 | KY3.5.1 | subversion | Unaffected |
