Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
References
Link | Resource |
---|---|
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 | Vendor Advisory |
https://jenkins.io/security/advisory/2016-06-20/ | Vendor Advisory |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 | Vendor Advisory |
Configurations
History
21 Nov 2024, 02:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 - Vendor Advisory |
Information
Published : 2017-02-09 15:59
Updated : 2024-11-21 02:53
NVD link : CVE-2016-4988
Mitre link : CVE-2016-4988
CVE.ORG link : CVE-2016-4988
JSON object : View
Products Affected
jenkins
- build_failure_analyzer
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')