GHSA-j923-26c2-qq9p

GitHub Security Advisory

Jenkins BART Plugin vulnerable to cross-site scripting (XSS)

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Currently, there are no known workarounds or patches available.

Affected Packages

Maven org.jenkins-ci.plugins:bart
Affected versions: 0 (last affected: 1.0.3)

Key Information

GHSA ID: GHSA-j923-26c2-qq9p
Published: November 16, 2022 12:00 PM
Last Modified: April 30, 2025 8:26 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:bart
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.