Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13M3I0LXZ4OXctZjdwN84AATQb
Jenkins Job Config History Plugin reflected XSS vulnerability
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
Permalink: https://github.com/advisories/GHSA-w3r4-vx9w-f7p7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13M3I0LXZ4OXctZjdwN84AATQb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-w3r4-vx9w-f7p7, CVE-2018-1000416
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000416
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130
- http://www.securityfocus.com/bid/106532
- https://github.com/jenkinsci/job-config-history-plugin/commit/38ea4ed7e3527c2ce525dacf578036adffbf430e
- https://github.com/advisories/GHSA-w3r4-vx9w-f7p7
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:jobConfigHistory
Affected Version Ranges: <= 2.18Fixed in: 2.18.1