wpmaster

JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links.
This is done in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure p…

Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest.
Script Security Plugi…

Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display nam…

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library.
Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefi…

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering’s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3920
https://discu…