Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
📦 Vulnerable Dependencies
✍️ Summary
Medium | Undetermined | org.jenkins-ci.plugins:jira:3.0.14 | org.jenkins-ci.plugins:jira:3.0.14 | [3.6.1]
[3.7.1] |
👇 Details
Description:
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.