CVE-2018-1000426

2019-01-0923:29:02

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages.

CPENameOperatorVersion
git-changelog-plugineqgit-changelog-1.16
git-changelog-plugineqgit-changelog-1.36
git-changelog-plugineqgit-changelog-1.25
git-changelog-plugineqgit-changelog-1.49
git-changelog-plugineqgit-changelog-2.1
git-changelog-plugineqgit-changelog-1.7
git-changelog-plugineq1.0
git-changelog-plugineqgit-changelog-1.38
git-changelog-plugineqgit-changelog-1.19
git-changelog-plugineqgit-changelog-1.27

Name	Operator	Version
git-changelog-plugin	eq	git-changelog-1.16
git-changelog-plugin	eq	git-changelog-1.36
git-changelog-plugin	eq	git-changelog-1.25
git-changelog-plugin	eq	git-changelog-1.49
git-changelog-plugin	eq	git-changelog-2.1
git-changelog-plugin	eq	git-changelog-1.7
git-changelog-plugin	eq	1.0
git-changelog-plugin	eq	git-changelog-1.38
git-changelog-plugin	eq	git-changelog-1.19
git-changelog-plugin	eq	git-changelog-1.27