Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1999007

Опубликовано: 18 июл. 2018
Источник: redhat
CVSS3: 4.7

Описание

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3jenkinsAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1609624jenkins: HTTP 404 error pages do not escape URLs when Stapler framework used in debug mode, allowing for XSS

4.7 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1999007

CVSS3: 5.4
nvd
больше 7 лет назад

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.

debian логотип

CVE-2018-1999007

CVSS3: 5.4
debian
больше 7 лет назад

A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...

github логотип

GHSA-6456-xjm5-g3pg

CVSS3: 5.4
github
больше 3 лет назад

Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin

4.7 Medium

CVSS3