Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
Moderate severity
GitHub Reviewed
Published May 24, 2022 to the GitHub Advisory Database • Updated Dec 6, 2023
Published by the National Vulnerability Database: Mar 25, 2020
Published to the GitHub Advisory Database: May 24, 2022
Reviewed: Dec 22, 2022
Last updated: Dec 6, 2023
Description
A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting vulnerability (XSS).
Queue cleanup Plugin 1.4 correctly escapes the query parameter.
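The class of flaw described above, as an added example that is not the plugin's code (the advisory does not show it): a stand-alone model of a form validation handler that reflects a query parameter in its error message, with and without escaping. The class, method and parameter names and the sample input are assumptions made for illustration.

```java
// Stand-alone model of a form validation handler; not taken from the plugin.
// All names below are hypothetical.
public class FormValidationEscaping {

    // Minimal HTML escaper for text placed in element content or quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Validates a numeric field. On failure the submitted value is echoed in the
    // error message; escape=false reproduces the flaw, escape=true is the fix.
    static String check(String value, boolean escape) {
        String v = value == null ? "" : value;
        try {
            Integer.parseInt(v.trim());
            return "<div class=\"ok\"></div>";
        } catch (NumberFormatException e) {
            String shown = escape ? escapeHtml(v) : v;
            return "<div class=\"error\">Not a number: " + shown + "</div>";
        }
    }

    public static void main(String[] args) {
        String input = "<script>alert(1)</script>"; // constructed test value
        String before = check(input, false);
        String after = check(input, true);
        System.out.println("unescaped: " + before);
        System.out.println("escaped:   " + after);
        // Regression check: the raw tag must appear only in the unescaped response.
        if (!before.contains("<script>") || after.contains("<script>")) {
            throw new AssertionError("escaping check failed");
        }
    }
}
```

In a Jenkins plugin the same distinction exists between `FormValidation.error(String)`, which escapes its message, and `FormValidation.errorWithMarkup(String)`, which emits the message as HTML.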
References