Description

Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11

Related Vulnerabilities

CVE-2012-2098 Vulnerability in maven package org.apache.commons:commons-compress

CVE-2020-2109 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps

CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2019-10298 Vulnerability in maven package org.jenkins-ci.plugins:koji

CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory