Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Remediation

References

https://jenkins.io/security/advisory/2016-06-20/

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2022-33140 Vulnerability in maven package org.apache.nifi:nifi-shell-authorizer

CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-api

CVE-2022-41932 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2012-0213 Vulnerability in maven package org.apache.poi:poi-scratchpad

CVE-2021-21607 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory