CVE-2025-5806

Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
Configurations

No configuration.

History

09 Jun 2025, 12:15

Type Values Removed Values Added
Summary
  • (es) The Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content Security Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a Cross Site Scripting (XSS) vulnerability that users can exploit to change the report content.

06 Jun 2025, 16:15

Type Values Removed Values Added
References
  • http://www.openwall.com/lists/oss-security/2025/06/06/8

06 Jun 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-06 14:15

Updated : 2025-06-09 12:15


NVD link : CVE-2025-5806

Mitre link : CVE-2025-5806

CVE.ORG link : CVE-2025-5806



Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')