← Retour aux CVEs

CVE-2018-1999007

MEDIUM

5.4

Description

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie7/23/2018

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

jenkins:jenkinsoracle:communications_cloud_native_core_automated_test_suite

Faiblesses (CWE)

CWE-79

References

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-390(cve@mitre.org)

https://www.oracle.com/security-alerts/cpuapr2022.html(cve@mitre.org)

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-390(af854a3a-2127-422b-91ae-364da2661108)

https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.