PT-2018-9347 · Jenkins · Jenkins S3 Plugin+1

Oleg Nenashev

Publicado

2018-05-08

Atualizado

2022-05-14

CVE-2018-1000177

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins S3 Plugin versions 0.10.12 and older

Description A cross-site scripting issue exists that allows attackers to define file names containing JavaScript, which would be executed in another user's browser when that user performs certain UI actions, by controlling file names of uploaded files.

Recommendations For Jenkins S3 Plugin versions 0.10.12 and older, update to a version newer than 0.10.12 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-1000177

GHSA-3892-QQV6-H2QM

Produtos afetados

Jenkins

Jenkins S3 Plugin

PT-2018-9347 · Jenkins · Jenkins S3 Plugin+1

CVE-2018-1000177

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4