CVE-2014-2067

Jenkins <1.551-1.532.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/91354

[Vendor Advisory] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

[Patch] https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014

[Mailing List] http://seclists.org/oss-sec/2014/q1/421

Scores

EPSS 0.0011

EPSS Percentile 29.3%

Details

CWE

CWE-79

Status published

Products (4)

jenkins/jenkins < 1.550

jenkins/jenkins < 1.532.1

org.jenkins-ci.main/jenkins-core < 1.551Maven

n/a/n/a

Published Mar 01, 2014

Tracked Since Feb 18, 2026