Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-2601

Опубликовано: 10 мая 2018
Источник: debian
EPSS Низкий

Описание

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jenkinsremovedpackage

Примечания

  • https://jenkins.io/security/advisory/2017-02-01/

EPSS

Процентиль: 55%
0.00328
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-2601

CVSS3: 5.4
ubuntu
больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

redhat логотип

CVE-2017-2601

CVSS3: 6.1
redhat
около 9 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

nvd логотип

CVE-2017-2601

CVSS3: 5.4
nvd
больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

github логотип

GHSA-r69c-5j7c-vm6q

CVSS3: 5.4
github
больше 3 лет назад

Cross-site Scripting in Jenkins

EPSS

Процентиль: 55%
0.00328
Низкий