PT-2015-6859 · Cloudbees+1 · Jenkins

Plastunov Andrey

·

Publicado

2015-11-25

·

Atualizado

2022-05-13

·

CVE-2015-5326

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2
Description A cross-site scripting (XSS) issue exists in the slave overview page, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via the slave offline status message.
Recommendations For Jenkins versions prior to 1.638, update to version 1.638 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-5326
GHSA-5MWR-JG3R-JV66
RHSA-2016:0070
RHSA-2016:0489

Produtos afetados

Jenkins