search

jfrog / jenkins-artifactory-plugin

Jenkins artifactory plugin
http://jenkins-ci.org/
115 stars 186 forks source link

[🐸 Frogbot] Update version of org.jenkins-ci.plugins:jira to 3.12 #904

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago
[![🚨 This automated pull request was created by Frogbot and fixes the below:](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://github.com/jfrog/frogbot#readme)

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES | | :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableMediumSeverity.png)
Medium | Undetermined | org.jenkins-ci.plugins:jira:3.0.14 | org.jenkins-ci.plugins:jira 3.0.14 | [3.6.1]
[3.7.1] | CVE-2022-29041 |

🔬 Research Details

Description: Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

[🐸 JFrog Frogbot](https://github.com/jfrog/frogbot#readme)