Bug 471720 - HTML Tag Injection detected by HP Fortify in v. 2.2.0
Summary: HTML Tag Injection detected by HP Fortify in v. 2.2.0
Status: NEW
Alias: None
Product: Hudson
Classification: Technology
Component: Core (show other bugs)
Version: unspecified   Edit
Hardware: PC Windows 7
: P3 normal (vote)
Target Milestone: ---   Edit
Assignee: Winston Prakash CLA
QA Contact: Geoff Waymark CLA
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-02 11:45 EDT by Jeff Rodriguez CLA
Modified: 2015-07-31 17:33 EDT (History)
4 users (show)

See Also:

Attachments
Hudson 2.2.0 HTML Tag Injection Vulnerability (1.18 MB, application/pdf)
2015-07-02 11:45 EDT, Jeff Rodriguez CLA 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeff Rodriguez CLA 2015-07-02 11:45:28 EDT 
Created attachment 254905 [details]
Hudson 2.2.0 HTML Tag Injection Vulnerability

Hudson URL was detected as vulnerable to HTML Tag Injection according to a HP Fortify security scan conducted recently.  Please see attached results.
Comment 1 Jeff Rodriguez CLA 2015-07-31 15:15:19 EDT 
Are there any updates regarding this issue?  Thanks
Comment 2 Winston Prakash CLA 2015-07-31 17:33:00 EDT 
Hi Jeff, we no longer support v2.2.0. The last 2.x release was almost 5 years ago. Hudson 3.3.0 is the latest release and it has gone through rigorous security testing. The one you reported is fixed in Hudson 3.x