Описание
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.176.3 (включая)Версия до 2.196 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
EPSS
Процентиль: 56%
0.0034
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
redhat
больше 6 лет назад
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).
CVSS3: 5.4
debian
больше 6 лет назад
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...
CVSS3: 5.4
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Jenkins
EPSS
Процентиль: 56%
0.0034
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79