CVE-2019-1003050

Опубликовано: 10 апр. 2019

Источник: redhat

CVSS3: 5.4

EPSS Низкий

Описание

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.10	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.4	jenkins	Out of support scope
Red Hat OpenShift Container Platform 3.5	jenkins	Out of support scope
Red Hat OpenShift Container Platform 3.6	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.7	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.9	jenkins	Will not fix
Red Hat OpenShift Container Platform 4	jenkins	Not affected
Red Hat OpenShift Container Platform 3.11	atomic-enterprise-service-catalog	Fixed	RHBA-2019:1605	26.06.2019
Red Hat OpenShift Container Platform 3.11	atomic-openshift-cluster-autoscaler	Fixed	RHBA-2019:1605	26.06.2019
Red Hat OpenShift Container Platform 3.11	atomic-openshift-descheduler	Fixed	RHBA-2019:1605	26.06.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1699333jenkins: Improper escaping of job URLs in f:validateButton leads to cross-site scripting vulnerability.

EPSS

Процентиль: 76%

0.00967

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2019-1003050

CVSS3: 5.4

nvd

почти 7 лет назад

CVE-2019-1003050

CVSS3: 5.4

debian

почти 7 лет назад

The f:validateButton form control for the Jenkins UI did not properly ...

GHSA-qpg9-83fv-x9ch

CVSS3: 5.4

github

больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in Jenkins

EPSS

Процентиль: 76%

0.00967

Низкий

5.4 Medium

CVSS3