CVE-2018-1000415

描述

A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in ``` RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly ``` that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.

如何修補 CVE-2018-1000415

要修補 CVE-2018-1000415,請將受影響套件升級到下列已修補版本。

• —升級至 1.29 或更新版本

CVE-2018-1000415 正在被利用嗎?

低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 1.29

CVSS 分數

參考連結(4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1000415
• WEBgithub.com/jenkinsci/rebuild-plugin/commit/3a4ca33a45fa048c9ab7b7082f87e72c0df848cb
• WEBjenkins.io/security/advisory/2018-09-25/#SECURITY-130
• WEBwww.securityfocus.com/bid/106532