SCM/JIRA link daemon
added a comment - Code changed in jenkins
User: Jesse Glick
Path:
changelog.html
core/src/main/java/hudson/Functions.java
core/src/test/java/hudson/FunctionsTest.java
http://jenkins-ci.org/commit/jenkins/a900b488b527a25009e3536bc94e945f5fbfe4ad
Log:
[FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.
Integrated in jenkins_main_trunk #3081 [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages. (Revision a900b488b527a25009e3536bc94e945f5fbfe4ad)
Daniel Beck
added a comment - Possible attack vector for malicious users who just need to trigger log messages with a script payload and wait for admins to access the log.