CVE-2017-1000088

CVSS v3.0 5.4 (Medium)

CVSS v2.0 3.5 (Low)

EPSS 0.05 % (22^th)

Affected Products 1

Advisories 1

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-10-05 01:29:03
(7 years ago)
Updated Date: 2017-11-02 15:08:35
(6 years ago)

Affected Products

Jenkins

Sidebar Link

Configuration #1

		CPE23	From	Up To
	Jenkins Sidebar Link for Jenkins 1.8 and prior versions	cpe:2.3:a:jenkins:sidebar_link::::::jenkins		<= 1.8