Published: 06/12/2017 Updated: 22/12/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.7 | Impact Score: 2.7 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Jenkins up to and including 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Jenkins through 293 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624 ...

CWE-79 https://jenkins.io/security/advisory/2017-12-05/http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04 http://www.securityfocus.com/bid/102130 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-17383

CVE-2017-17383

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect