logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2013-2033 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.509.1 || >=1.513 <1.514

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00178 pctl0.39608

Details

Jenkins vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-14T01:52:20Z
Modified: 2023-02-08T17:54:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-826f-32qm-vm3j/GHSA-826f-32qm-vm3j.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-826f-32qm-vm3j
Finding: F425
Auto approve: 1