Description
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
http://osvdb.org/100106
http://secunia.com/advisories/55783
https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20