Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2021-25329 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml

CVE-2020-26237 Vulnerability in npm package highlight.js

CVE-2019-16555 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

CVE-2021-28860 Vulnerability in npm package mixme

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory