This repository has been archived by the owner on Oct 25, 2023. It is now read-only.
workflow-job-1207.ve6191ff089f8.jar: 1 vulnerabilities (highest severity is: 5.4) #93
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
The Jenkins Plugins Parent POM Project
Path to vulnerable library: /setup/jenkins/plugins/workflow-job/WEB-INF/lib/workflow-job.jar
Found in HEAD commit: c737bff522acd627979af76e7bd3a589477f0497
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - workflow-job-1207.ve6191ff089f8.jar
The Jenkins Plugins Parent POM Project
Path to vulnerable library: /setup/jenkins/plugins/workflow-job/WEB-INF/lib/workflow-job.jar
Dependency Hierarchy:
Found in HEAD commit: c737bff522acd627979af76e7bd3a589477f0497
Found in base branch: dev
Vulnerability Details
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Publish Date: 2023-05-16
URL: CVE-2023-32977
CVSS 3 Score Details (5.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042
Release Date: 2023-05-16
Fix Resolution: org.jenkins-ci.plugins.workflow:workflow-job:1295.v395eb_7400005
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: