Back to bug 2215088

Who When What Removed Added
Guilherme de Almeida Suckevicz 2023-06-14 18:33:44 UTC Blocks 2215113
Avinash Hanwate 2023-06-26 11:01:57 UTC Resolution --- NOTABUG
Summary TRIAGE-CVE-2023-35145 jenkins-2-plugins: sonargraph-integration: Stored XSS vulnerability in Sonargraph Integration Plugin CVE-2023-35145 jenkins-2-plugins: sonargraph-integration: Stored XSS vulnerability in Sonargraph Integration Plugin
Status NEW CLOSED
Alias TRIAGE-CVE-2023-35145 CVE-2023-35145
Last Closed 2023-06-26 11:01:57 UTC
Avinash Hanwate 2023-07-11 05:57:03 UTC Doc Text Jenkins Sonargraph Integration Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
RaTasha Tillery-Smith 2023-07-11 14:33:25 UTC Doc Text Jenkins Sonargraph Integration Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. A flaw was found in the Jenkins Sonargraph Integration Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed, and steal the victim's cookie-based authentication credentials.

Back to bug 2215088