CVE-2017-1000404

2018-01-2602:29:01

Google

osv.dev

0.001 Low

EPSS

Percentile

32.9%

JSON

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter ‘fullscreen’ in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.

CPENameOperatorVersion
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.8.11
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.5
delivery-pipeline-plugineqrelease-0.10.2
delivery-pipeline-plugineqrelease-1.0.0
delivery-pipeline-plugineqrelease-1.0.6
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.6.9
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.10.1rc10
delivery-pipeline-plugineqrelease-0.10.1rc7
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.7.0
delivery-pipeline-plugineqdelivery-pipeline-plugin-0.6.1

Name	Operator	Version
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.8.11
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.5
delivery-pipeline-plugin	eq	release-0.10.2
delivery-pipeline-plugin	eq	release-1.0.0
delivery-pipeline-plugin	eq	release-1.0.6
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.6.9
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.10.1rc10
delivery-pipeline-plugin	eq	release-0.10.1rc7
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.7.0
delivery-pipeline-plugin	eq	delivery-pipeline-plugin-0.6.1