Описание
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
A flaw was found in the Jenkins package. Jenkins does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to control tooltips for this component.
Отчет
This vulnerability affects Jenkins version 2.367 through 2.369 (both inclusive). Red Hat products use Jenkins LTS which is NOT affected by this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins | Not affected |
Показывать по
Дополнительная информация
Статус:
7.4 High
CVSS3
Связанные уязвимости
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips ...
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
7.4 High
CVSS3