Back to bug 2215086
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2023-06-14 18:33:44 UTC | Blocks | 2215113 | |
| Avinash Hanwate | 2023-06-21 07:06:48 UTC | Doc Text | Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |
| Alias | TRIAGE-CVE-2023-35143 | CVE-2023-35143 | ||
| Avinash Hanwate | 2023-06-21 07:07:29 UTC | Summary | TRIAGE-CVE-2023-35143 jenkins-2-plugins: repository: Stored XSS vulnerability in Maven Repository Server Plugin | CVE-2023-35143 jenkins-2-plugins: repository: Stored XSS vulnerability in Maven Repository Server Plugin |
| Doc Text | Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||
| RaTasha Tillery-Smith | 2023-06-21 13:57:56 UTC | Doc Text | Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's web browser within the security context of the hosting Web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials. |
| Red Hat Bugzilla | 2023-07-07 08:33:03 UTC | Assignee | security-response-team | nobody |
Back to bug 2215086