Description
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Affected products
- Jenkins Project / Jenkins Project Inheritance Pluginunspecified – 21.04.03
- Jenkins Project / Jenkins Project Inheritance Pluginnext of 21.04.03 – unspecified