PT-2018-9370 · Jenkins · Jenkins Groovy Postbuild Plugin+1

Publicado

2018-06-05

Atualizado

2022-05-14

CVE-2018-1000202

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Groovy Postbuild Plugin versions 2.3.1 and older

Description A persisted cross-site scripting issue exists in various Jelly files, allowing attackers who can control build badge content to define JavaScript that would be executed in another user's browser when that user performs certain UI actions.

Recommendations For versions 2.3.1 and older, update to a version newer than 2.3.1 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-1000202

GHSA-38CH-X695-M794

Produtos afetados

Jenkins

Jenkins Groovy Postbuild Plugin

PT-2018-9370 · Jenkins · Jenkins Groovy Postbuild Plugin+1

CVE-2018-1000202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4