Описание
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Ссылки
- Broken Link
- Third Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
- Broken Link
- Third Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.164.1 (включая)Версия до 2.171 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00967
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
redhat
почти 7 лет назад
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
CVSS3: 5.4
debian
почти 7 лет назад
The f:validateButton form control for the Jenkins UI did not properly ...
CVSS3: 5.4
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Jenkins
EPSS
Процентиль: 76%
0.00967
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79