Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2021-42228 Vulnerability in npm package kindeditor

CVE-2022-25857 Vulnerability in maven package org.yaml:snakeyaml

CVE-2020-1950 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2019-1003075 Vulnerability in maven package org.jenkins-ci.plugins:audit2db

CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory