CVE-2012-6074 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.481 <1.491 || >=0 <1.480.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00225 pctl0.45201

Details

Jenkins allows Cross-Site Scripting (XSS) Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-14T02:13:37Z
Modified: 2025-03-13T17:57:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hr6-5x6g-gg5g/GHSA-9hr6-5x6g-gg5g.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9hr6-5x6g-gg5g
Finding: F425
Auto approve: 1