Jenkins Job Config History Plugin reflected XSS vulnerability
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 9, 2024
Package
Affected versions
<= 2.18
Patched versions
2.18.1
Description
Published by the National Vulnerability Database
Jan 9, 2019
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Jan 9, 2024
Reviewed
Jan 9, 2024
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
References