Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support@839.v35e2736cfd5c
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support@839.v35e2736cfd5c
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-73th-g3mx-dqf1 Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it. Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. Pipeline: Supporting APIs Plugin 839.v35e2736cfd5c properly encodes URLs of these hyperlinks in build logs. CVE-2022-43409
GHSA-64r9-x74q-wxmh

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T21:28:07.412728+00:00 GitLab Importer Fixing VCID-73th-g3mx-dqf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-support/CVE-2022-43409.yml 38.1.0
2026-04-01T16:03:48.207962+00:00 GHSA Importer Fixing VCID-73th-g3mx-dqf1 https://github.com/advisories/GHSA-64r9-x74q-wxmh 38.0.0
2026-04-01T13:05:03.597406+00:00 GithubOSV Importer Fixing VCID-73th-g3mx-dqf1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-64r9-x74q-wxmh/GHSA-64r9-x74q-wxmh.json 38.0.0