Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
High severity
GitHub Reviewed
Published
Jun 14, 2023
to the GitHub Advisory Database
•
Updated Nov 11, 2023
Package
Affected versions
<= 41.v32d86a
Patched versions
None
Description
Published by the National Vulnerability Database
Jun 14, 2023
Published to the GitHub Advisory Database
Jun 14, 2023
Reviewed
Jun 14, 2023
Last updated
Nov 11, 2023
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
References