CVE-2015-7536 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.626 <1.640 || >=0 <1.625.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00207 (percentile 0.43141)
Details
Improper Neutralization of Input During Web Page Generation in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Metadata
Created: 2022-05-17T03:53:41Z
Modified: 2024-03-13T15:00:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x3p3-929j-pq66/GHSA-x3p3-929j-pq66.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-x3p3-929j-pq66
Finding: F425
Auto approve: 1