GHSA-h8hf-hxx6-5g6v, CVE-2022-45382
maven/org.jenkins-ci.plugins/naginator
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
All versions up to 1.18.1
Unfortunately, there is no solution available yet.
2022-11-22
source |