Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000170

Опубликовано: 11 апр. 2018
Источник: redhat
CVSS3: 5.4

Описание

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3jenkinsAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1566950jenkins: Cross-site scripting vulnerability in confirmation dialogs displaying item names (SECURITY-759)

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1000170

CVSS3: 5.4
nvd
почти 8 лет назад

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.

debian логотип

CVE-2018-1000170

CVSS3: 5.4
debian
почти 8 лет назад

A cross-site scripting vulnerability exists in Jenkins 2.115 and older ...

github логотип

GHSA-9jcv-v4jp-w3cq

CVSS3: 5.4
github
больше 3 лет назад

Cross-site Scripting in Jenkins Core

5.4 Medium

CVSS3