GHSA-h8hf-hxx6-5g6v
GitHub Security Advisory
Cross-site Scripting in Jenkins Naginator Plugin
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Naginator Plugin 1.18.1 and earlier does not escape the display names of source builds in builds that were triggered via the Retry action.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
Naginator Plugin 1.18.2 escapes display names of source builds.
Affected Packages
Maven: org.jenkins-ci.plugins:naginator
Affected versions: 0 (fixed in 1.18.2)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: August 27, 2025 6:31 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.