Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2019-17513 Vulnerability in maven package io.ratpack:ratpack-core

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_3

CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6

CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol

CVE-2018-18282 Vulnerability in npm package next

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory