Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NXY3LXEyajQtZnZwZs4AAdS1
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
Permalink: https://github.com/advisories/GHSA-w5v7-q2j4-fvpf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NXY3LXEyajQtZnZwZs4AAdS1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 month ago
Identifiers: GHSA-w5v7-q2j4-fvpf, CVE-2015-1812
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1812
- https://access.redhat.com/errata/RHSA-2016:0070
- https://bugzilla.redhat.com/show_bug.cgi?id=1205615
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
- http://rhn.redhat.com/errata/RHSA-2015-1844.html
- https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8
- https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8
- https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
- https://github.com/advisories/GHSA-w5v7-q2j4-fvpf
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 1.600, < 1.606, < 1.596.2
Fixed in: 1.606, 1.596.2