CVE-2018-1000202

Опубликовано: 05 июн. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Ссылки

https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821
Vendor Advisory
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:groovy_postbuild:*:*:*:*:*:jenkins:*:*

Версия до 2.3.1 (включая)

EPSS

Процентиль: 18%

0.00058

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-38ch-x695-m794