Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14M3AzLTkyOWotcHE2Ns4AAdTU
Improper Neutralization of Input During Web Page Generation in Jenkins
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Permalink: https://github.com/advisories/GHSA-x3p3-929j-pq66JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14M3AzLTkyOWotcHE2Ns4AAdTU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 27 days ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-x3p3-929j-pq66, CVE-2015-7536
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-7536
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
- https://github.com/jenkinsci/jenkins/commit/27c303417a226bf4c06a588570f28ac2e2507c6c
- https://github.com/jenkinsci/jenkins/commit/d3fb2c09f29007dce84a213ae8323df1105dcc30
- https://github.com/advisories/GHSA-x3p3-929j-pq66
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: < 1.625.2, >= 1.626, < 1.640Fixed in: 1.625.2, 1.640