Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Remediation

References

https://jenkins.io/security/advisory/2016-06-20/

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2023-29511 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

CVE-2019-10387 Vulnerability in maven package com.xebialabs.xlt.ci:xltestview-plugin

CVE-2018-1999039 Vulnerability in maven package org.jenkins-ci.plugins:confluence-publisher

CVE-2020-26882 Vulnerability in maven package com.typesafe.play:play-java

CVE-2022-42468 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory