Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and previous versions does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins job configuration history |