PT-2018-9347 · Jenkins · Jenkins S3 Plugin+1

Oleg Nenashev

Published

2018-05-08

Updated

2022-05-14

CVE-2018-1000177

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins S3 Plugin versions 0.10.12 and older

Description A cross-site scripting issue exists that allows attackers to define file names containing JavaScript, which would be executed in another user's browser when that user performs certain UI actions, by controlling file names of uploaded files.

Recommendations For Jenkins S3 Plugin versions 0.10.12 and older, update to a version newer than 0.10.12 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000177

GHSA-3892-QQV6-H2QM

Affected Products

Jenkins

Jenkins S3 Plugin

PT-2018-9347 · Jenkins · Jenkins S3 Plugin+1

CVE-2018-1000177

Weakness Enumeration

Related Identifiers

Affected Products

References · 4