VYPR

Maven package

com.paul8620.jenkins.plugins/pipeline-aggregator-view

pkg:maven/com.paul8620.jenkins.plugins/pipeline-aggregator-view

Vulnerabilities (2)

  • CVE-2023-28670MedApr 2, 2023
    affected < 1.14fixed 1.14

    Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.

  • CVE-2019-16564MedDec 17, 2019
    affected < 1.9fixed 1.9

    Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.