CVE-2018-1000604

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Ссылки

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-906
Vendor Advisory
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-906
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:badge:*:*:*:*:*:jenkins:*:*

Версия до 1.4 (включая)

EPSS

Процентиль: 18%

0.00058

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3xjq-8j89-xrw9