CVE-2018-1000413

Опубликовано: 09 янв. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.

Ссылки

http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080
Third Party Advisory
http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*

Версия до 3.1 (включая)

EPSS

Процентиль: 23%

0.00077

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vwfm-42q6-qj75