Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2020-13933 Vulnerability in maven package org.apache.shiro:shiro-web

CVE-2023-30530 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder

CVE-2020-5427 Vulnerability in maven package org.springframework.cloud:spring-cloud-dataflow-server-core

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common

CVE-2020-2213 Vulnerability in maven package org.jenkins-ci.plugins:whitesource

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory