Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2019-16568 Vulnerability in maven package hudson.plugins.sctmexecutor:sctmexecutor

CVE-2019-8331 Vulnerability in npm package bootstrap

CVE-2018-1000202 Vulnerability in maven package org.jvnet.hudson.plugins:groovy-postbuild

CVE-2020-27223 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2023-26476 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory