CVE-2018-1000426

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/de.wellnerbou.jenkins/git-changelog

Identifiers

GHSA-jcmg-9rw5-9rm2, CVE-2018-1000426

Package Slug

maven/de.wellnerbou.jenkins/git-changelog

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier, in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, and GitLogBasicChangelogPostPublisher/config.jelly. It allows attackers who are able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages.

Affected Versions

All versions up to 2.6

Solution

Upgrade to version 2.7 or above.

Last Modified

2024-01-31
