PT-2018-9316 · Jenkins · Jenkins Cucumber Living Documentation Plugin+1

Daniel Beck

Publicado

2018-04-05

Atualizado

2022-05-14

CVE-2018-1000144

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Cucumber Living Documentation Plugin versions 1.0.12 and older

Description A cross-site scripting issue exists in the CukedoctorBaseAction#doDynamic function, which disables Content-Security-Policy protection for archived artifacts and workspace files. This allows attackers who can control the content of these files to attack Jenkins users.

Recommendations For Jenkins Cucumber Living Documentation Plugin versions 1.0.12 and older, update to version 1.1.0 or newer, and change the Content-Security-Policy option in Jenkins as requested by the plugin.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-1000144

GHSA-Q7JX-R75R-HGJ2

Produtos afetados

Jenkins

Jenkins Cucumber Living Documentation Plugin

PT-2018-9316 · Jenkins · Jenkins Cucumber Living Documentation Plugin+1

CVE-2018-1000144

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5