GHSA-jcmg-9rw5-9rm2, CVE-2018-1000426
maven/de.wellnerbou.jenkins/git-changelog
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier, in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, and GitLogBasicChangelogPostPublisher/config.jelly. It allows attackers who are able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages.
All versions up to 2.6
Upgrade to version 2.7 or above.
2024-01-31