Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY-1886] Fix more occurrences of this vulnerability #52

Merged
merged 4 commits into from
Sep 1, 2023
Merged

[SECURITY-1886] Fix more occurrences of this vulnerability #52

merged 4 commits into from
Sep 1, 2023

Conversation

balakine
Copy link
Contributor

@balakine balakine commented Aug 17, 2023
edited
Loading

Escape an overview url and template evalluation

Testing done

Added XSS attack string to all the text fields and tested preview and render functionality.

Submitter checklist
Beta Give feedback

yaroslavafenkin
yaroslavafenkin reviewed Aug 21, 2023
View reviewed changes
Copy link

@yaroslavafenkin yaroslavafenkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable security wise. I've tested the hpi locally and was not able to find anything else.

@balakine balakine marked this pull request as ready for review August 21, 2023 10:50
@daniel-beck daniel-beck mentioned this pull request Aug 23, 2023
Merged
@balakine balakine changed the base branch from master to next_release August 29, 2023 11:09
@balakine balakine merged commit f04e016 into jenkinsci:next_release Sep 1, 2023
15 checks passed
balakine added a commit that referenced this pull request Sep 1, 2023
@balakine
[SECURITY-1886] Fix more occurrences of this vulnerability (#52)
6eca8d7 
* Escape an overview url and template evalluation
balakine added a commit that referenced this pull request Sep 7, 2023
@balakine
[SECURITY-1886] Fix more occurrences of this vulnerability (#52)
1754ac0 
* Escape an overview url and template evalluation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yaroslavafenkin yaroslavafenkin Awaiting requested review from yaroslavafenkin

@Wadeck Wadeck Awaiting requested review from Wadeck

@MarkEWaite MarkEWaite Awaiting requested review from MarkEWaite

@timja timja Awaiting requested review from timja

Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@balakine @yaroslavafenkin