Jenkins Cross-site Scripting vulnerability

2022-05-1703:53:16

Google

osv.dev

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.7%

JSON

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-coreeq1.495
org.jenkins-ci.main:jenkins-coreeq1.537
org.jenkins-ci.main:jenkins-coreeq1.489
org.jenkins-ci.main:jenkins-coreeq1.563
org.jenkins-ci.main:jenkins-coreeq1.532.3.JENKINS-22395-2
org.jenkins-ci.main:jenkins-coreeq1.455
org.jenkins-ci.main:jenkins-coreeq1.453
org.jenkins-ci.main:jenkins-coreeq1.407
org.jenkins-ci.main:jenkins-coreeq1.510
org.jenkins-ci.main:jenkins-coreeq1.516

Name	Operator	Version
org.jenkins-ci.main:jenkins-core	eq	1.495
org.jenkins-ci.main:jenkins-core	eq	1.537
org.jenkins-ci.main:jenkins-core	eq	1.489
org.jenkins-ci.main:jenkins-core	eq	1.563
org.jenkins-ci.main:jenkins-core	eq	1.532.3.JENKINS-22395-2
org.jenkins-ci.main:jenkins-core	eq	1.455
org.jenkins-ci.main:jenkins-core	eq	1.453
org.jenkins-ci.main:jenkins-core	eq	1.407
org.jenkins-ci.main:jenkins-core	eq	1.510
org.jenkins-ci.main:jenkins-core	eq	1.516