PT-2018-9287 · Jenkins · Jenkins Cppncss Plugin+1

Oleg Nenashev · Published 2018-03-13 · Updated 2022-05-14 · CVE-2018-1000108

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins CppNCSS Plugin version 1.1 and earlier
Description: A cross-site scripting issue exists in the AbstractProjectAction/index.jelly file, allowing an attacker to create links to Jenkins URLs that execute arbitrary JavaScript code in the user's browser when accessed.
Recommendations: For Jenkins CppNCSS Plugin version 1.1 and earlier, consider disabling access to the AbstractProjectAction/index.jelly file until a patch is available. Restrict user interaction with potentially malicious links to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-1000108
GHSA-XGMH-RVPW-6498

Affected Products

Jenkins
Jenkins Cppncss Plugin