Описание
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.176.2 (включая)Версия до 2.191 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00539
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
redhat
больше 6 лет назад
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
CVSS3: 4.8
debian
больше 6 лет назад
A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...
CVSS3: 4.8
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Jenkins
EPSS
Процентиль: 67%
0.00539
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79