CVE-2015-7536
MEDIUM 5.4 | EPSS 0.29% | Improper Neutralization of Input During Web Page Generation in Jenkins
Published: 2022/5/17 | Modified: 2024/3/13
Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core >= 1.626, < 1.640
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2015-7536
- PATCH: https://github.com/jenkinsci/jenkins
- WEB: https://github.com/jenkinsci/jenkins/commit/27c303417a226bf4c06a588570f28ac2e2507c6c
- WEB: https://github.com/jenkinsci/jenkins/commit/d3fb2c09f29007dce84a213ae8323df1105dcc30
- WEB: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09