Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older, in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly. Attackers able to control the file names of uploaded files can define file names containing JavaScript, which would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-04-16/