Description

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-906

Related Vulnerabilities

CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-data-file

CVE-2019-10349 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-6831 Vulnerability in npm package electron

CVE-2020-11980 Vulnerability in maven package org.apache.karaf.management:org.apache.karaf.management.server

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory