Fluid Attacks Database

Description

Jenkins Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=0 <1.596.2 \|\| >=1.600 <1.606	1.596.2, 1.606

Aliases

1. CVE-2015-18122. NVD-2015-18123. OSV-2015-18124. GCVE-2015-18125. access.redhat.com

References

1. https://github.com/jenkinsci/jenkins/commit/f58ba6e72f978e2f73299e38a1b54ff70fc73fd82. https://github.com/jenkinsci/jenkins/commit/f880d8d2cd9d46987ee3630fa04f77b17784f4e83. https://github.com/jenkinsci/jenkins/commit/feb2703adb0c121705e5c8e9ddf8f663b6481cbd4. https://bugzilla.redhat.com/show_bug.cgi?id=12056155. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-236. http://rhn.redhat.com/errata/RHSA-2015-1844.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.