CVE-2022-27212 – org.jenkins-ci.plugins:list-git-branches-parameter
Package
Manager: maven
Name: org.jenkins-ci.plugins:list-git-branches-parameter
Vulnerable Version: >=0 <=0.0.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.31598 (percentile: 0.96651)
Details
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metadata
Created: 2022-03-16T00:00:43Z
Modified: 2023-10-27T16:53:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7756-56hr-2vcp/GHSA-7756-56hr-2vcp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7756-56hr-2vcp
Finding: F425
Auto approve: 1