PT-2019-8724 · Jenkins · Jenkins Config File Provider Plugin

Daniel Beck · Published 2019-01-09 · Updated 2023-01-31 · CVE-2018-1000413

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.1 and earlier
Description: A cross-site scripting (XSS) vulnerability exists in the configfiles.jelly and providerlist.jelly views of the plugin. A user with permission to configure configuration files can insert arbitrary HTML, and therefore script, into some Jenkins pages rendered from those views; the injected content runs in the browser of any user who opens those pages. The CVSS vector reflects this: the attacker needs only a low-privileged account (PR:L), a victim has to view the affected page (UI:R), and the impact lands in the victim's session rather than the attacker's (S:C).
Recommendations: For Jenkins Config File Provider Plugin versions 3.1 and earlier, update to a release later than 3.1, which contains the fix. Until the update is applied, restrict the permission to create and configure configuration files to trusted users, since exploitation requires that permission. Note that the jelly views themselves are bundled inside the plugin and cannot be access-controlled separately; limiting who can supply configuration-file content is the practical interim mitigation.
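The version check implied by the recommendation above, as an added example that is not part of this advisory or of the plugin's code: it reads the JSON a Jenkins controller returns for GET /pluginManager/api/json?depth=1 (the sample document below is constructed for the example, not a capture) and reports whether the installed config-file-provider release falls in the "3.1 and earlier" range. Versions are compared numerically segment by segment so that 3.10 sorts after 3.1 and 3.1.1 is treated as later than 3.1; a qualifier such as "-SNAPSHOT" is dropped, which deliberately treats a 3.1 pre-release as affected.

```python
import json
import re

# Last affected release named in the advisory; anything <= this is flagged.
LAST_AFFECTED = "3.1"
# shortName of the plugin as reported by Jenkins' pluginManager API.
PLUGIN_SHORT_NAME = "config-file-provider"

# Constructed sample of GET /pluginManager/api/json?depth=1 (trimmed to the
# fields this check uses); not a capture from a real controller.
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "credentials", "version": "2.1.18", "active": True},
        {"shortName": "config-file-provider", "version": "3.1", "active": True},
        {"shortName": "git", "version": "3.9.1", "active": True},
    ]
})


def parse_version(version):
    """Turn a plugin version such as '3.6.4' or '2.18-beta-1' into a tuple
    of ints. Anything after the first '-' or '+' (a qualifier) is dropped,
    so '3.1-SNAPSHOT' compares equal to '3.1' and is counted as affected."""
    core = re.split(r"[-+]", version.strip(), maxsplit=1)[0]
    parts = []
    for segment in core.split("."):
        match = re.match(r"\d+", segment)
        if not match:
            break  # stop at the first non-numeric segment
        parts.append(int(match.group()))
    return tuple(parts) or (0,)


def compare_versions(a, b):
    """Return -1, 0 or 1 like a classic comparator, padding the shorter
    tuple with zeros so '3.1' and '3.1.0' compare equal."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(version):
    """True when the installed version is 3.1 or earlier."""
    return compare_versions(version, LAST_AFFECTED) <= 0


def check_plugin_manager(json_text):
    """Given the body of /pluginManager/api/json?depth=1, return
    (installed_version, affected). installed_version is None when the
    plugin is not present, in which case the controller is not exposed."""
    data = json.loads(json_text)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == PLUGIN_SHORT_NAME:
            version = plugin.get("version", "0")
            return version, is_affected(version)
    return None, False


if __name__ == "__main__":
    installed, affected = check_plugin_manager(SAMPLE_PLUGIN_MANAGER_JSON)
    if installed is None:
        print(f"{PLUGIN_SHORT_NAME} not installed")
    else:
        state = "AFFECTED (update past 3.1)" if affected else "not affected"
        print(f"{PLUGIN_SHORT_NAME} {installed}: {state}")
```

Run it against a live controller by fetching the JSON with an authenticated client (Jenkins requires at least Overall/Read for this endpoint) and passing the response body to check_plugin_manager; the version comparison is kept in its own function so it can be reused for other plugin advisories by changing LAST_AFFECTED.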

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-1000413
GHSA-VWFM-42Q6-QJ75

Affected Products

Jenkins
Jenkins Config File Provider Plugin