Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2018-8041 Vulnerability in maven package org.apache.camel:camel-mail

CVE-2021-22096 Vulnerability in maven package org.springframework:spring-core

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-managesieve

CVE-2022-43404 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core_2.10

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory