CVE-2018-1000604

Name of the Vulnerable Software and Affected Versions Jenkins Badge Plugin versions 1.4 and earlier

Description A persisted cross-site scripting issue exists in the Jenkins Badge Plugin, specifically in BadgeSummaryAction.java and HtmlBadgeAction.java, allowing attackers who can control build badge content to define JavaScript that would be executed in another user's browser when that user performs certain UI actions.

Recommendations For Jenkins Badge Plugin versions 1.4 and earlier, update to version 1.5 or newer, which sanitizes the provided HTML for display on the Jenkins web UI.