Description

Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11

Related Vulnerabilities

CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-proxy

CVE-2022-34790 Vulnerability in maven package org.jenkins-ci.plugins:xfpanel

CVE-2022-25186 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin

CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger-hive-utils

CVE-2016-0760 Vulnerability in maven package org.apache.sentry:sentry-binding-hive

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory