Description

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Remediation

References

https://jenkins.io/security/advisory/2016-06-20/

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2023-0264 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-all

CVE-2022-33683 Vulnerability in maven package org.apache.pulsar:pulsar-proxy

CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser

CVE-2020-7013 Vulnerability in npm package kibana

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory