Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
References
Link | Resource |
---|---|
http://osvdb.org/92982 | Broken Link |
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 | VDB Entry |
Configurations
History
No history.
Information
Published : 2014-04-10 20:29
Updated : 2024-02-28 12:20
NVD link : CVE-2013-2033
Mitre link : CVE-2013-2033
CVE.ORG link : CVE-2013-2033
JSON object : View
Products Affected
jenkins
- jenkins
cloudbees
- jenkins
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')