PT-2018-9287 · Jenkins · Jenkins Cppncss Plugin+1

Oleg Nenashev

Publicado

2018-03-13

Atualizado

2022-05-14

CVE-2018-1000108

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins CppNCSS Plugin version 1.1 and earlier

Description: A cross-site scripting issue exists in the AbstractProjectAction/index.jelly file, allowing an attacker to create links to Jenkins URLs that execute arbitrary JavaScript code in the user's browser when accessed.

Recommendations: For Jenkins CppNCSS Plugin version 1.1 and earlier, consider disabling access to the AbstractProjectAction/index.jelly file until a patch is available. Restrict user interaction with potentially malicious links to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-1000108

GHSA-XGMH-RVPW-6498

Produtos afetados

Jenkins

Jenkins Cppncss Plugin

PT-2018-9287 · Jenkins · Jenkins Cppncss Plugin+1

CVE-2018-1000108

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4