N/A

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.

N/A

N/A

CloudBees Jenkins Warnings Next Generation Plugin 跨站脚本漏洞

CloudBees Jenkins（Hudson Labs）是美国CloudBees公司的一套基于Java开发的持续集成工具。该产品主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Warnings Next Generation Plugin是使用在其中的一个用于收集静态分析工具报告的编译器警告信息的插件。 Jenkins Warnings Next Generation Plugin 1.0.1版及之前版本中的多个文件存在跨站脚本漏洞。攻击者可利用该漏洞使Jenkins渲染任意的HTML。

N/A

N/A