Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2022-36663 Vulnerability in maven package org.gluu:oxauth-common

CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol

CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory