The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and previous versions and Jenkins LTS 2.164.1 and previous versions, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Vulnerable Product |
---|
jenkins jenkins |
oracle communications cloud native core automated test suite 1.9.0 |
redhat openshift container platform 3.11 |