Lucene search

GitHub Advisory DatabaseGHSA-VJ6Q-V2H7-6Q5M

HistoryMay 17, 2022 - 1:26 a.m.

Jenkins cross-site scripting (XSS) vulnerability

2022-05-1701:26:46

CWE-79

GitHub Advisory Database

github.com

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

JSON

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a “remote cause note.”

Affected configurations

Vulners

Node

org.jenkins-ci.main\Matchjenkins-core

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-corelt1.532.2
org.jenkins-ci.main:jenkins-corelt1.551

CPE	Name	Operator	Version
	org.jenkins-ci.main:jenkins-core	lt	1.532.2
	org.jenkins-ci.main:jenkins-core	lt	1.551

References

seclists.org/oss-sec/2014/q1/421

exchange.xforce.ibmcloud.com/vulnerabilities/91354

github.com/advisories/GHSA-vj6q-v2h7-6q5m

github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014

nvd.nist.gov/vuln/detail/CVE-2014-2067

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for GHSA-VJ6Q-V2H7-6Q5M