Jenkins / JENKINS-32652

XSS in Possible Next Executions widget

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: next-executions-plugin
    • Labels:
      None
    • Environment:
      Jenkins: 1.645
      next-executions: 1.0.10

      Description

      You can inject HTML code by setting the job display name (Configuration -> Advanced Project Options). I set JOB <script>alert('foo');</script> and got an alert with the text "foo".

          Activity

          (Changes are listed as Field: Original Value -> New Value)

          agabrys Adam Gabryś created issue
          agabrys Adam Gabryś made changes:
            Assignee: (none) -> Ignacio Albors [ ialbors ]
          ialbors Ignacio Albors made changes:
            Status: Open [ 1 ] -> Resolved [ 5 ]
            Resolution: (none) -> Fixed [ 1 ]
          ialbors Ignacio Albors made changes:
            Status: Resolved [ 5 ] -> Closed [ 6 ]
          rtyler R. Tyler Croy made changes:
            Workflow: JNJira [ 168311 ] -> JNJira + In-Review [ 209654 ]

            People

            • Assignee:
              ialbors Ignacio Albors
              Reporter:
              agabrys Adam Gabryś
            • Votes:
              0
              Watchers:
              3
