CVE-2018-1000415

2019-01-0923:29:02

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.

CPENameOperatorVersion
rebuild-plugineqrebuild-1.12
rebuild-plugineqrebuild-1.5
rebuild-plugineqrebuild-1.18
rebuild-plugineqrebuild-1.25
rebuild-plugineqrebuild-1.7
rebuild-plugineqrebuild-1.10
rebuild-plugineqrebuild-1.16
rebuild-plugineqrebuild-1.21
rebuild-plugineqrebuild-1.11
rebuild-plugineqrebuild-1.14

Name	Operator	Version
rebuild-plugin	eq	rebuild-1.12
rebuild-plugin	eq	rebuild-1.5
rebuild-plugin	eq	rebuild-1.18
rebuild-plugin	eq	rebuild-1.25
rebuild-plugin	eq	rebuild-1.7
rebuild-plugin	eq	rebuild-1.10
rebuild-plugin	eq	rebuild-1.16
rebuild-plugin	eq	rebuild-1.21
rebuild-plugin	eq	rebuild-1.11
rebuild-plugin	eq	rebuild-1.14