search

jfrog / jenkins-artifactory-plugin

Jenkins artifactory plugin
http://jenkins-ci.org/
115 stars 186 forks source link

[šŸø Frogbot] Update version of org.jenkins-ci.plugins.workflow:workflow-job to [1295.v395eb_7400005] #850

Closed github-actions[bot] closed 12 months ago

github-actions[bot] commented 12 months ago
[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://github.com/jfrog/frogbot#readme)

šŸ“¦ Vulnerable Dependencies

āœļø Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | | :---------------------: | :----------------------------------: | :----------------------------------: | :-----------------------------------: | :---------------------------------: | | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableMediumSeverity.png)
Medium | Undetermined |org.jenkins-ci.plugins.workflow:workflow-job:2.32 | org.jenkins-ci.plugins.workflow:workflow-job:2.32 | [1295.v395eb_7400005] |

šŸ‘‡ Details

Description:

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

[JFrog Frogbot](https://github.com/jfrog/frogbot#readme)