Jenkins cross-site scripting (XSS) vulnerability

2022-05-1701:26:46

Google

osv.dev

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

JSON

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a “remote cause note.”

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-coreeq1.500
org.jenkins-ci.main:jenkins-coreeq1.488
org.jenkins-ci.main:jenkins-coreeq1.442
org.jenkins-ci.main:jenkins-coreeq1.424
org.jenkins-ci.main:jenkins-coreeq1.510
org.jenkins-ci.main:jenkins-coreeq1.456
org.jenkins-ci.main:jenkins-coreeq1.509.4
org.jenkins-ci.main:jenkins-coreeq1.498
org.jenkins-ci.main:jenkins-coreeq1.429
org.jenkins-ci.main:jenkins-coreeq1.447

Name	Operator	Version
org.jenkins-ci.main:jenkins-core	eq	1.500
org.jenkins-ci.main:jenkins-core	eq	1.488
org.jenkins-ci.main:jenkins-core	eq	1.442
org.jenkins-ci.main:jenkins-core	eq	1.424
org.jenkins-ci.main:jenkins-core	eq	1.510
org.jenkins-ci.main:jenkins-core	eq	1.456
org.jenkins-ci.main:jenkins-core	eq	1.509.4
org.jenkins-ci.main:jenkins-core	eq	1.498
org.jenkins-ci.main:jenkins-core	eq	1.429
org.jenkins-ci.main:jenkins-core	eq	1.447