MEDIUM 5.5
GHSA-43ph-42gv-7965
Jenkins buildgraph-view Plugin does not escape the build URL
Details
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
As of publication of this advisory, there is no fix.
Affected packages
Maven / org.jenkins-ci.plugins:buildgraph-view
Introduced in: 0
No fixed version published yet for org.jenkins-ci.plugins:buildgraph-view (maven). Pin to a known-safe version or switch to an alternative.