Persisted Cross-Site Scripting in Jenkins Affected by Improper Input Handling
CVE-2017-2610
5.4MEDIUM
What is CVE-2017-2610?
Jenkins, a widely used automation server, is affected by a vulnerability that allows for persisted cross-site scripting attacks. This issue arises from faulty user input handling, where user names containing less-than and greater-than characters are not properly escaped. As a result, an attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's browser session, potentially leading to unauthorized actions or data exposure.
Affected Version(s)
jenkins jenkins 2.44
jenkins jenkins 2.32.2