Description

Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11

Related Vulnerabilities

CVE-2016-3084 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-scim

CVE-2017-5641 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core

CVE-2020-2225 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

CVE-2020-14446 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.identity.entitlement.ui

CVE-2020-1744 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory