Bug 2044499 (CVE-2022-20615)
| Summary: | CVE-2022-20615 jenkins-2-plugins/matrix-project: does not escape HTML metacharacters which could result in XSS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abenaiss, aos-bugs, bmontgom, eparis, jburrell, jokerman, nstielau, sponnaga, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | matrix project plugin 1.20 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A stored Cross-site scripting (XSS) vulnerability was found in the Jenkins Matrix Project plugin. There are no escape HTML metacharacters in node, label names, and label descriptions, which allows an attacker with Agent/Configure permissions to perform an XSS attack.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2044927, 2044928, 2044929, 2047839 | ||
| Bug Blocks: | 2044461 | ||
|
Description
Michael Kaplan
2022-01-24 17:24:04 UTC
|