Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
High severity
GitHub Reviewed
Published
Mar 30, 2022
to the GitHub Advisory Database
•
Updated Dec 6, 2023
Package
Affected versions
< 2.4
Patched versions
2.4
Description
Published by the National Vulnerability Database
Mar 29, 2022
Published to the GitHub Advisory Database
Mar 30, 2022
Reviewed
Nov 29, 2022
Last updated
Dec 6, 2023
Credits
-
NotMyFault Analyst
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.
References