Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2016-4430 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-6341 Vulnerability in npm package vue

CVE-2023-3481 Vulnerability in npm package critters

CVE-2022-41224 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-34396 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory