Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03dzg5LXFxeHgtYzYycs4AAQ3J
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
Permalink: https://github.com/advisories/GHSA-7w89-qqxx-c62r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03dzg5LXFxeHgtYzYycs4AAQ3J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00131
EPSS Percentile: 0.4953
Identifiers: GHSA-7w89-qqxx-c62r, CVE-2016-4988
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-4988
- https://jenkins.io/security/advisory/2016-06-20/
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
- https://github.com/advisories/GHSA-7w89-qqxx-c62r
Affected Packages
maven:com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Affected Version Ranges: < 1.16.0
Fixed in: 1.16.0