Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin
CVE-2018-1000413

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Config File Provider
Vendor: CVE Published:; 9 January 2019

Summary

A cross-site scripting vulnerability is present in the Jenkins Config File Provider Plugin versions 3.1 and earlier. This flaw enables authenticated users with permissions to configure configuration files to inject arbitrary HTML content into specific Jenkins pages, potentially leading to malicious scripts being executed in the browser of unsuspecting users.

References

http://www.securityfocus.com/bid/106532

vdb-entryx_refsource_BID

https://jenkins.io/security/advisory/2018-09-25/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Jan 9, 2019