[MAVEN:GHSA-W5V7-Q2J4-FVPF] Jenkins Cross-site Scripting vulnerability

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

Package	Affected Version
pkg:maven/org.jenkins-ci.main/jenkins-core	>= 1.600, < 1.606
pkg:maven/org.jenkins-ci.main/jenkins-core	< 1.596.2

Package	Fixed Version
pkg:maven/org.jenkins-ci.main/jenkins-core	= 1.606
pkg:maven/org.jenkins-ci.main/jenkins-core	= 1.596.2

ID

MAVEN:GHSA-W5V7-Q2J4-FVPF

Severity

moderate

URL

https://github.com/advisories/GHSA-w5v7-q2j4-fvpf

Published

2022-05-17T03:53:16
(2 years ago)

Modified

2024-03-22T05:00:53
(6 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2015-1812
			https://access.redhat.com/errata/RHSA-2016:0070
			https://bugzilla.redhat.com/show_bug.cgi?id=1205615
			https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
			http://rhn.redhat.com/errata/RHSA-2015-1844.html
			https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd8
			https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e8
			https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd
			https://github.com/advisories/GHSA-w5v7-q2j4-fvpf

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	>= 1.600 < 1.606
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 1.606
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	< 1.596.2
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 1.596.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date