PT-2015-6859 · Cloudbees+1 · Jenkins

Plastunov Andrey

Published

2015-11-25

Updated

2022-05-13

CVE-2015-5326

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2

Description A cross-site scripting (XSS) issue exists in the slave overview page, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via the slave offline status message.

Recommendations For Jenkins versions prior to 1.638, update to version 1.638 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-5326

GHSA-5MWR-JG3R-JV66

RHSA-2016:0070

RHSA-2016:0489

Affected Products

Jenkins

PT-2015-6859 · Cloudbees+1 · Jenkins

CVE-2015-5326

Weakness Enumeration

Related Identifiers

Affected Products

References · 7