Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap
CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2022-36663 Vulnerability in maven package org.gluu:oxauth-common
CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol
CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient