Conversation

@balakine (Contributor)

URL encoded string parameters to address SECURITY-1886

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or fix the issue

@balakine balakine changed the title from "Fix SECURITY-1886 - Stored XSS vulnerability" to "CVE-2022-27207 - fixed stored XSS vulnerability" Mar 31, 2023
@balakine balakine added the bug Bug fixes label Mar 31, 2023
@balakine balakine merged commit 214f743 into jenkinsci:master Mar 31, 2023
MarkEWaite added a commit to MarkEWaite/update-center2 that referenced this pull request Aug 8, 2023
daniel-beck pushed a commit to jenkins-infra/update-center2 that referenced this pull request Sep 19, 2023
* SECURITY-1886 fixed in global build stats plugin

jenkinsci/global-build-stats-plugin#38 fixed
the https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886
stored cross-site scripting vulnerability.

https://github.com/jenkinsci/global-build-stats-plugin/releases/tag/269.v214f74360b_3a_
is the release that includes that pull request.

* 244.v27c8a_2e50a_34 is global build stats' last affected version

Extend the pattern match to include 244.v27c8a_2e50a_34 as the last
global build stats version affected by
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886

* Include more interim releases in regex

Releases that have the security issue include:

* 1.0
* 1.1
* 1.2
* 1.3
* 1.4
* 1.5
* 244.v27c8a_2e50a_34
* 269.v214f74360b_3a_
* 282.v79ca_e079d1b_1

* Group the version numbers

Lack of grouping the version numbers negates the purpose of the
(|[.-].+) suffix.
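The grouping point in the commit message above, shown as an added example that is not part of this pull request or of update-center2: the version list is the one the commit message gives, the regex syntax is Python's `re`, and it is assumed (not stated on the page) that the consumer anchors the pattern to the whole version string. Escaping the dots with `re.escape` is an addition here; the page's own pattern is not shown.

```python
import re

# Affected versions as listed in the commit message above.
AFFECTED_VERSIONS = [
    "1.0", "1.1", "1.2", "1.3", "1.4", "1.5",
    "244.v27c8a_2e50a_34", "269.v214f74360b_3a_", "282.v79ca_e079d1b_1",
]

# Suffix from the commit message: either nothing, or a '.'/'-' delimiter
# followed by anything (for example "-SNAPSHOT" or ".1").
SUFFIX = "(|[.-].+)"


def ungrouped_pattern(versions):
    """Suffix appended straight after the bare alternation.

    Because '|' has the lowest precedence, the suffix binds only to the
    last alternative: "A|B|C(|[.-].+)" is "A", or "B", or "C<suffix>".
    """
    return "|".join(re.escape(v) for v in versions) + SUFFIX


def grouped_pattern(versions):
    """Alternation wrapped in a group so the suffix applies to every version."""
    return "(" + "|".join(re.escape(v) for v in versions) + ")" + SUFFIX


def is_affected(pattern, version):
    """True if the whole version string matches the pattern.

    Assumption: the consumer anchors the pattern to the full version
    (fullmatch semantics), which is what the empty alternative in the
    suffix is for.
    """
    return re.fullmatch(pattern, version) is not None


def check_versions(pattern, candidates):
    """Return {version: matched} for each candidate under the given pattern."""
    return {v: is_affected(pattern, v) for v in candidates}


if __name__ == "__main__":
    # Constructed candidates: the listed releases plus delimited variants of
    # them, and one near-miss ("1.05") that the delimiter requirement rejects.
    candidates = [
        "1.0", "1.0-SNAPSHOT", "1.05",
        "244.v27c8a_2e50a_34", "282.v79ca_e079d1b_1-SNAPSHOT",
    ]
    for name, fn in (("ungrouped", ungrouped_pattern), ("grouped", grouped_pattern)):
        print(name, check_versions(fn(AFFECTED_VERSIONS), candidates))
```

With the ungrouped pattern, "1.0-SNAPSHOT" is not matched while "282.v79ca_e079d1b_1-SNAPSHOT" is, which is the inconsistency the commit message describes; with the group in place every listed version accepts the delimited suffix, and "1.05" is still rejected because the suffix must start with '.' or '-'.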