Persisted Cross-Site Scripting in Jenkins Affected by Improper Input Handling
CVE-2017-2610

5.4MEDIUM

Key Information:

Vendor

[unknown]

Status
Jenkins
Vendor
CVE Published:
15 May 2018

What is CVE-2017-2610?

Jenkins, a widely used automation server, is affected by a vulnerability that allows for persisted cross-site scripting attacks. This issue arises from faulty user input handling, where user names containing less-than and greater-than characters are not properly escaped. As a result, an attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's browser session, potentially leading to unauthorized actions or data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jenkins jenkins 2.44

jenkins jenkins 2.32.2

References

https://jenkins.io/security/advisory/2017-02-01/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95951
vdb-entryx_refsource_BID
https://github.com/jenkinsci/jenkins/commit/307ed31caba68...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.