Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Remediation

References

https://jenkins.io/security/advisory/2016-06-20/

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2021-41182 Vulnerability in npm package jquery-ui

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12

CVE-2013-1966 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache

CVE-2018-1999029 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory