CVE-2016-3101 – org.jenkins-ci.plugins:extra-columns
Package
Manager: maven
Name: org.jenkins-ci.plugins:extra-columns
Vulnerable Version: >=0 <1.17
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00178 (percentile 0.39705)
Details
Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
Metadata
Created: 2022-05-13T01:30:58Z
Modified: 2025-03-13T17:58:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mr4j-7jjv-24m7/GHSA-mr4j-7jjv-24m7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-mr4j-7jjv-24m7
Finding: F008
Auto approve: 1