CVE-2018-1000413
N/A
N/A
Summary
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106532
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080
References
- http://www.securityfocus.com/bid/106532
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.