Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:credentials(Maven) | 2.3.16 | 2.3.19 | N/A |
| org.jenkins-ci.plugins:credentials(Maven) | 2.3.15 | 2.3.15.1 | N/A |
| org.jenkins-ci.plugins:credentials(Maven) | 2.3.14 | 2.3.14.1 | N/A |
| org.jenkins-ci.plugins:credentials(Maven) | 2.3.8 | 2.3.13.1 | N/A |
| org.jenkins-ci.plugins:credentials(Maven) | 2.3.1 | 2.3.7.1 | N/A |
| org.jenkins-ci.plugins:credentials(Maven) | 0 | 2.3.0.1 | N/A |
CVSS Metrics
