Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

http://www.openwall.com/lists/oss-security/2019/08/07/1

Related Vulnerabilities

CVE-2017-9793 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-49798 Vulnerability in npm package @openzeppelin/contracts

CVE-2022-2466 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql

CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2021-25987 Vulnerability in npm package hexo

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory