WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-5326 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

https://access.redhat.com/errata/RHSA-2016:0070

http://rhn.redhat.com/errata/RHSA-2016-0489.html

Related Vulnerabilities

CVE-2023-20883 Vulnerability in maven package org.springframework.boot:spring-boot-autoconfigure

CVE-2016-0790 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2015-8860 Vulnerability in maven package org.webjars:tar

CVE-2018-14041 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory