Veracode Vulnerability DatabaseVERACODE:16490Cross-site Scripting (XSS)
0.002 Low
EPSS
Percentile
60.4%
jenkins is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.
References
rhn.redhat.com/errata/RHSA-2015-1844.html
access.redhat.com/errata/RHSA-2016:0070
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1062253
bugzilla.redhat.com/show_bug.cgi?id=1128567
bugzilla.redhat.com/show_bug.cgi?id=1130028
bugzilla.redhat.com/show_bug.cgi?id=1138522
bugzilla.redhat.com/show_bug.cgi?id=1152524
bugzilla.redhat.com/show_bug.cgi?id=1160699
bugzilla.redhat.com/show_bug.cgi?id=1171815
bugzilla.redhat.com/show_bug.cgi?id=1191283
bugzilla.redhat.com/show_bug.cgi?id=1197123
bugzilla.redhat.com/show_bug.cgi?id=1197576
bugzilla.redhat.com/show_bug.cgi?id=1205615
bugzilla.redhat.com/show_bug.cgi?id=1216206
bugzilla.redhat.com/show_bug.cgi?id=1217572
bugzilla.redhat.com/show_bug.cgi?id=1221931
bugzilla.redhat.com/show_bug.cgi?id=1225943
bugzilla.redhat.com/show_bug.cgi?id=1226061
bugzilla.redhat.com/show_bug.cgi?id=1227501
bugzilla.redhat.com/show_bug.cgi?id=1228373
bugzilla.redhat.com/show_bug.cgi?id=1229300
bugzilla.redhat.com/show_bug.cgi?id=1232827
bugzilla.redhat.com/show_bug.cgi?id=1232921
bugzilla.redhat.com/show_bug.cgi?id=1241750
bugzilla.redhat.com/show_bug.cgi?id=1257757
bugzilla.redhat.com/show_bug.cgi?id=1264039
bugzilla.redhat.com/show_bug.cgi?id=1264210
bugzilla.redhat.com/show_bug.cgi?id=1264216
rhn.redhat.com/errata/RHSA-2015-1844.html
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
Related
