A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
References
| Link | Resource |
|---|---|
| https://jenkins.io/security/advisory/2018-04-16/ | Vendor Advisory |
| https://jenkins.io/security/advisory/2018-04-16/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://jenkins.io/security/advisory/2018-04-16/ - Vendor Advisory |
Information
Published : 2018-05-08 15:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000177
Mitre link : CVE-2018-1000177
CVE.ORG link : CVE-2018-1000177
JSON object : View
Products Affected
jenkins
- s3_publisher
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')