CVE-2017-1000102 – org.jvnet.hudson.plugins:analysis-core

Package

Manager: maven
Name: org.jvnet.hudson.plugins:analysis-core
Vulnerable Version: >=0 <1.92

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00049 pctl0.14658

Details

Persistent XSS vulnerability in Static Analysis Utilities The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

Metadata

Created: 2022-05-17T00:29:01Z
Modified: 2024-01-30T22:35:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9c2p-99pg-c4j9/GHSA-9c2p-99pg-c4j9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9c2p-99pg-c4j9
Finding: F425
Auto approve: 1