CVE-2018-1000416

Опубликовано: 09 янв. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.

Ссылки

http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130
Third Party Advisory
http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jobconfighistory_project:jobconfighistory:*:*:*:*:*:jenkins:*:*

Версия до 2.18 (включая)

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w3r4-vx9w-f7p7