SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Jenkins plugin Claim XSS

Category: WEB-ATTACKS      

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.


Relevant Information