Vulnerability CVE-2017-1000102


Published: 2017-10-04   Modified: 2017-10-05

Description:
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Jenkins -> Static analysis utilities

 References:
http://www.securityfocus.com/bid/101061
https://jenkins.io/security/advisory/2017-08-07/

Copyright 2020, cxsecurity.com

 
