Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04MjZmLTMycW0tdm0zas4AAUqE
Jenkins vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-826f-32qm-vm3j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04MjZmLTMycW0tdm0zas4AAUqE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-826f-32qm-vm3j, CVE-2013-2033
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-2033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
- https://access.redhat.com/errata/RHEA-2013:1032
- https://access.redhat.com/security/cve/CVE-2013-2033
- https://bugzilla.redhat.com/show_bug.cgi?id=958957
- https://issues.jenkins-ci.org/browse/SECURITY-67
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
- https://github.com/advisories/GHSA-826f-32qm-vm3j
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 1.513, < 1.514, < 1.509.1
Fixed in: 1.514, 1.509.1