CVE-2018-1000416

2019-01-0923:29:02

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.

CPENameOperatorVersion
jobconfighistory-plugineqjobConfigHistory-2.12
jobconfighistory-plugineqjobConfigHistory-1.6
jobconfighistory-plugineqjobConfigHistory-2.3
jobconfighistory-plugineqjobConfigHistory-1.13
jobconfighistory-plugineqjobConfigHistory-2.13
jobconfighistory-plugineqjobConfigHistory-2.0
jobconfighistory-plugineqjobConfigHistory-1.12
jobconfighistory-plugineqjobConfigHistory-1.10
jobconfighistory-plugineqjobConfigHistory-1.9
jobconfighistory-plugineqjobConfigHistory-2.8

Name	Operator	Version
jobconfighistory-plugin	eq	jobConfigHistory-2.12
jobconfighistory-plugin	eq	jobConfigHistory-1.6
jobconfighistory-plugin	eq	jobConfigHistory-2.3
jobconfighistory-plugin	eq	jobConfigHistory-1.13
jobconfighistory-plugin	eq	jobConfigHistory-2.13
jobconfighistory-plugin	eq	jobConfigHistory-2.0
jobconfighistory-plugin	eq	jobConfigHistory-1.12
jobconfighistory-plugin	eq	jobConfigHistory-1.10
jobconfighistory-plugin	eq	jobConfigHistory-1.9
jobconfighistory-plugin	eq	jobConfigHistory-2.8