CVE-2015-5326
Jenkins < 1.638 and LTS < 1.625.2 - Authenticated Cross-Site Scripting via Slave Offline Status Message
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:0070
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Scores
EPSS
0.0009
EPSS Percentile
25.6%
Details
CWE
CWE-79
Status
published
Products (5)
jenkins/jenkins
< 1.625.1
jenkins/jenkins
< 1.637
org.jenkins-ci.main/jenkins-core
0 - 1.625.2Maven
redhat/openshift
2.0
redhat/openshift
< 3.1
Published
Nov 25, 2015
Tracked Since
Feb 18, 2026