Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate severity
GitHub Reviewed
Published
Jan 13, 2022
to the GitHub Advisory Database
•
Updated Dec 27, 2023
Package
Affected versions
< 1.23
Patched versions
1.23
Description
Published by the National Vulnerability Database
Jan 12, 2022
Published to the GitHub Advisory Database
Jan 13, 2022
Reviewed
Nov 29, 2022
Last updated
Dec 27, 2023
Credits
-
NotMyFault Analyst
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
References