Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
References (5)
Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0220.html
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/12/28/1
Vendor Advisory (x_refsource_confirm): https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
Issue Tracking (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=890612
Various Sources (x_refsource_confirm): http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
Scores
EPSS: 0.0010
EPSS Percentile: 28.0%
Details
CWE: CWE-79
Status: published
Products (50)
cloudbees/jenkins 1.447.1.1
cloudbees/jenkins 1.447.2.2
cloudbees/jenkins 1.447.3.1
cloudbees/jenkins 1.424.0.2
cloudbees/jenkins 1.424.0.4
cloudbees/jenkins 1.424.1.1
cloudbees/jenkins 1.424.2.1
cloudbees/jenkins 1.424.4.1
cloudbees/jenkins 1.424.5.1
cloudbees/jenkins 1.424.6.1
... and 40 more
Published: Feb 24, 2013
Tracked Since: Feb 18, 2026