Описание
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.176.3 (включая)Версия до 2.196 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
EPSS
Процентиль: 63%
0.00454
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
redhat
больше 6 лет назад
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
CVSS3: 5.4
debian
больше 6 лет назад
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...
CVSS3: 5.4
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Jenkins
EPSS
Процентиль: 63%
0.00454
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79