CVE-2018-1000177
MEDIUM5.4EPSS 0.06%Stored XSS vulnerability in Jenkins S3 Publisher Plugin
Published: 5/14/2022Modified: 2/18/2024
Also known as:GHSA-3892-qqv6-h2qm
Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Affected packages (1)
- Maven/org.jenkins-ci.plugins:s3from 0, < 0.11.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |