Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Related Vulnerabilities

CVE-2023-46652 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation

CVE-2023-48219 Vulnerability in npm package tinymce

CVE-2020-2092 Vulnerability in maven package org.jenkins-ci.plugins:robot

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-services

CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-core

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory