Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2021-21162 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-26513 Vulnerability in maven package org.apache.sling:org.apache.sling.resourcemerger

CVE-2012-0047 Vulnerability in maven package org.apache.wicket:wicket

CVE-2014-0112 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2019-1003045 Vulnerability in maven package de.eacg:ecs-publisher

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory