Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects. The vulnerability is caused by the plugin’s failure to escape multiple fields in the chart configuration on the Global Build Stats page, which could be exploited to cause an XSS (stored cross-site scripting) attack.
CPE | Name | Operator | Version |
---|---|---|---|
jenkins global-build-stats plugin | le | 1.5 |