[Bugs] [Bug 13257] [CVE 21] junit 4.12 CVEs found

bugzilla bugzilla at rosalinux.ru
Wed May 3 16:30:46 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13257

Svyatoslav Matveev <s.matveev at rosalinux.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Svyatoslav Matveev <s.matveev at rosalinux.ru> ---
(In reply to Yury from comment #0)
> Please patch CVEs for package junit version 4.12  
> INFO (CVEs are): junit 4.12 cves found
> CVE-2022-45380
> Desc: Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S)
> URLs in test report output to clickable links in an unsafe manner, resulting
> in a stored cross-site scripting (XSS) vulnerability exploitable by
> attackers with Item/Configure permission.
> Link: https://nvd.nist.gov/vuln/detail/CVE-2022-45380
> Severity: MEDIUM

Not for our package; it applies to the Jenkins JUnit Plugin.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.