Description
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2019:3144 | 18.10.2019 |
| Red Hat OpenShift Container Platform 4.1 | jenkins | Fixed | RHSA-2019:2789 | 20.09.2019 |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1747293 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
4.8 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.8
nvd
more than 6 years ago
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
CVSS3: 4.8
debian
more than 6 years ago
A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...
CVSS3: 4.8
github
more than 3 years ago
Improper Neutralization of Input During Web Page Generation in Jenkins