CVE-2018-1000413

medium

Description

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier, in configfiles.jelly and providerlist.jelly, that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.

References

https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080

http://www.securityfocus.com/bid/106532

Details

Source: Mitre, NVD

Published: 2019-01-09

Updated: 2023-01-31

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium