Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2013-1966 Vulnerability in maven package com.opensymphony:xwork-core

CVE-2018-6874 Vulnerability in maven package org.webjars.bower:auth0-lock

CVE-2017-3161 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs

CVE-2021-25122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2021-30179 Vulnerability in maven package org.apache.dubbo:dubbo

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory