Back to bug 2215087

Who	When	What	Removed	Added
Guilherme de Almeida Suckevicz	2023-06-14 18:33:44 UTC	Blocks		2215113
Avinash Hanwate	2023-06-21 07:11:41 UTC	Summary	TRIAGE-CVE-2023-35144 jenkins-2-plugins: repository: Stored XSS vulnerability in Maven Repository Server Plugin	CVE-2023-35144 jenkins-2-plugins: repository: Stored XSS vulnerability in Maven Repository Server Plugin
		Alias	TRIAGE-CVE-2023-35144	CVE-2023-35144
		Doc Text		Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
RaTasha Tillery-Smith	2023-06-21 14:03:29 UTC	Doc Text	Jenkins Maven Repository Server Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.	A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a web page, which would be executed in a victim's web browser within the security context of the hosting web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Red Hat Bugzilla	2023-07-07 08:32:39 UTC	Assignee	security-response-team	nobody

Back to bug 2215087