CVE-2017-1000088
MEDIUMSidebar Link Plugin < 1.8 - Stored Cross-Site Scripting via Sidebar Link Configuration
Title source: llmDescription
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-07-10/
Scores
CVSS v3
5.4
EPSS
0.0006
EPSS Percentile
18.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/sidebar_link
< 1.8
org.jenkins-ci.plugins/sidebar-link
0 - 1.9Maven
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026