Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2012-4387 Vulnerability in maven package com.opensymphony:xwork-core

CVE-2020-17523 Vulnerability in maven package org.apache.shiro:shiro-web

CVE-2021-21118 Vulnerability in maven package org.webjars.npm:electron

CVE-2019-10302 Vulnerability in maven package org.jenkins-ci.plugins:jira-ext

CVE-2014-7810 Vulnerability in maven package org.mortbay.jasper:apache-el

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory