CVE-2018-1000202
Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
5.4
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
How to fix CVE-2018-1000202
To remediate CVE-2018-1000202, upgrade the affected package to a fixed version below.
- —upgrade to 2.4 or later
Is CVE-2018-1000202 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |