Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://osvdb.org/92982

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

https://exchange.xforce.ibmcloud.com/vulnerabilities/84004

Related Vulnerabilities

CVE-2018-9159 Vulnerability in maven package com.sparkjava:spark-core

CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse

CVE-2018-1000010 Vulnerability in maven package org.jvnet.hudson.plugins:dry

CVE-2021-21638 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2020-10721 Vulnerability in maven package io.fabric8:fabric8-maven-plugin-core

Severity

Critical

Classification

CWE-79

Tags

Broken Link Vendor Advisory VDB Entry