  1. Jenkins
  2. JENKINS-32652

XSS in Possible Next Executions widget

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: next-executions-plugin
    • Labels:
      None
    • Environment:
      Jenkins: 1.645
      next-executions: 1.0.10

      Description

      You can inject HTML code by setting the job display name (Configuration -> Advanced Project Options). I set JOB <script>alert('foo');</script> and got an alert with the "foo" text.

            People

            • Assignee:
              ialbors Ignacio Albors
            • Reporter:
              agabrys Adam Gabryś
            • Votes:
              0
            • Watchers:
              3

              Dates

              • Created:
                Updated:
                Resolved:
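
The report describes a job display name reaching the widget's HTML without output encoding. The block below is an added illustration, not the next-executions plugin's code: `escapeHtml`, `renderRowUnsafe`, `renderRowSafe` and the row markup are hypothetical. It shows the vulnerable concatenation beside the encoded form, run on the display name from the report.

```java
public class WidgetEscapeDemo {

    // Encode the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable form: the display name is concatenated into the markup as-is.
    static String renderRowUnsafe(String displayName, String when) {
        return "<tr><td title=\"" + displayName + "\">" + displayName
             + "</td><td>" + when + "</td></tr>";
    }

    // Hardened form: every value is encoded at the point of output.
    static String renderRowSafe(String displayName, String when) {
        String name = escapeHtml(displayName);
        return "<tr><td title=\"" + name + "\">" + name
             + "</td><td>" + escapeHtml(when) + "</td></tr>";
    }

    public static void main(String[] args) {
        String when = "2016-01-01 03:00"; // constructed timestamp
        String[] names = {                // constructed inputs; the first is from the report
            "JOB <script>alert('foo');</script>",
            "build & deploy",
            "say \"hi\" job",
        };
        for (String n : names) {
            String safe = renderRowSafe(n, when);
            System.out.println("unsafe: " + renderRowUnsafe(n, when));
            System.out.println("safe:   " + safe);
            // Regression check: the encoded row has exactly the six tags the template wrote.
            if (safe.split("<", -1).length - 1 != 6) {
                throw new AssertionError("markup leaked into row: " + safe);
            }
        }
    }
}
```

In a Jenkins Jelly view the same encoding is normally obtained by declaring `<?jelly escape-by-default='true'?>` at the top of the view, so that expressions are escaped unless explicitly marked otherwise.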