Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2023-37478 Vulnerability in npm package @pnpm/linux-arm64

CVE-2019-1003041 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2014-7816 Vulnerability in maven package io.undertow:undertow-core

CVE-2020-24590 Vulnerability in maven package org.wso2.carbon.governance:org.wso2.carbon.governance.generic

CVE-2022-45389 Vulnerability in maven package com.cloudbees.jenkins.plugins:xpdev

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory