CVSS3: 5.4 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 29.5%

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
CPE | Name | Operator | Version |
---|---|---|---|
jenkins:pipeline\:_job | jenkins pipeline: job | le | 1292.v27d8cc3e2602 |
[
  {
    "defaultStatus": "affected",
    "product": "Jenkins Pipeline: Job Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "1295.v395eb_7400005",
        "versionType": "maven"
      },
      {
        "lessThan": "1289.*",
        "status": "unaffected",
        "version": "1289.1291.vb_7c188e7e7df",
        "versionType": "maven"
      },
      {
        "lessThan": "1207.*",
        "status": "unaffected",
        "version": "1207.1209.v69351208a_5a_7",
        "versionType": "maven"
      }
    ]
  }
]