Primary

Context

Jenkins Gatling Plugin Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in the Jenkins Gatling Plugin, specifically in version 136.vb_9009b_3d33a_e. This vulnerability arises because the plugin serves Gatling reports in a way that bypasses the Content-Security-Policy protections implemented in Jenkins versions 1.641 and 1.625.3. As a result, users who can modify report content may exploit this issue.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to downgrade to Gatling Plugin version 1.3.0. As of the advisory's publication, no fixes are available for the vulnerability.

Added: Jun 6, 2025, 3:26 PM

Updated: Jun 6, 2025, 4:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins Gatling Plugin Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Jenkins Gatling Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating