[JENKINS-68869] [gerrit-trigger] Admin only XSS

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: gerrit-trigger-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

Description

Gerrit Trigger does not escape the frontEndUrl.

This results in a stored cross-site scripting (XSS) vulnerability exploitable only by attackers with Overall/Administer permission.

We don't consider it a security vulnerability, because you need administer permission to exploit it and as an administer you can already do all the impact of a XSS.

Recommendation

Escape the variable with Functions.htmlAttributeEscape() to avoid getting out of href's context
Make sure the variable is a valid url, eg. starting with HTTP or HTTPs

There are no comments yet on this issue.

Assignee:: rsandell

Reporter:: Kevin Guerroudj

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022-06-29 09:34

Updated:: 2022-06-29 09:34

Jenkins

Details

Description

Attachments

Activity

People

Dates