PT-2018-9370 · Jenkins · Jenkins Groovy Postbuild Plugin+1

Published

2018-06-05

Updated

2022-05-14

CVE-2018-1000202

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Groovy Postbuild Plugin versions 2.3.1 and older

Description A persisted cross-site scripting issue exists in various Jelly files, allowing attackers who can control build badge content to define JavaScript that would be executed in another user's browser when that user performs certain UI actions.

Recommendations For versions 2.3.1 and older, update to a version newer than 2.3.1 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000202

GHSA-38CH-X695-M794

Affected Products

Jenkins

Jenkins Groovy Postbuild Plugin

PT-2018-9370 · Jenkins · Jenkins Groovy Postbuild Plugin+1

CVE-2018-1000202

Weakness Enumeration

Related Identifiers

Affected Products

References · 4