Описание
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.176.3 (включая)Версия до 2.196 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
EPSS
Процентиль: 64%
0.00466
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
redhat
больше 6 лет назад
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
CVSS3: 4.8
debian
больше 6 лет назад
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...
CVSS3: 4.8
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Jenkins
EPSS
Процентиль: 64%
0.00466
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79