
CVE-2018-1999005

Published: 18 Jul 2018
Source: redhat
CVSS3: 6.4
EPSS: Low

Description

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Enterprise 3 | jenkins | Affected | | |


Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1609620 - jenkins: Cross-site scripting in build timeline widget exploitable by users able to control item display names

EPSS: 0.00158 (percentile: 37%), Low

CVSS3: 6.4 Medium

Related vulnerabilities

CVSS3: 5.4
nvd
more than 7 years ago

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

CVSS3: 5.4
debian
more than 7 years ago

A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...

CVSS3: 5.4
github
more than 3 years ago

Improper Neutralization of Input During Web Page Generation in Jenkins
