CVE-2017-1000088 – org.jenkins-ci.plugins:sidebar-link
Package
Manager: maven
Name: org.jenkins-ci.plugins:sidebar-link
Vulnerable Version: >=0 <1.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00058 (percentile 0.18366)
Details
Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.
Metadata
Created: 2022-05-17T00:29:00Z
Modified: 2024-01-30T22:36:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-477r-v22q-r42f/GHSA-477r-v22q-r42f.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-477r-v22q-r42f
Finding: F425
Auto approve: 1