Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oZnBnLWdxanctNzc5bc4AAUDQ
Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the HTTP servlet of the Jolokia agent version 1.3.7 that allows an attacker to execute malicious JavaScript in the victim's browser.
Permalink: https://github.com/advisories/GHSA-hfpg-gqjw-779m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZnBnLWdxanctNzc5bc4AAUDQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-hfpg-gqjw-779m, CVE-2018-1000129
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000129
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:3817
- https://jolokia.org/#Security_fixes_with_1.5.0
- https://github.com/rhuss/jolokia/releases/tag/v1.5.0
- https://github.com/advisories/GHSA-hfpg-gqjw-779m
Blast Radius: 23.7
Affected Packages
maven:org.jolokia:jolokia-core
Dependent packages: 243
Dependent repositories: 7,599
Affected Version Ranges: >= 1.3.7, < 1.5.0
Fixed in: 1.5.0
All affected versions: 1.3.7, 1.4.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2