CVE-2018-1999007

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1999007

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999007.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1999007

Aliases

GHSA-6456-xjm5-g3pg

Published

2018-07-23T19:29:00Z

Modified

2024-09-03T02:09:58.695606Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

261ddc1c9a610bffa61b6e9f559a27c363216f6d

Last affected

85354aad981e4115f8f2d0c9e66b43c31dd22810

Last affected

8a653f84283b1729d0ecd25138d472de83af1b6d

Affected versions

jenkins-2.*

jenkins-2.122

jenkins-2.124

jenkins-2.125

jenkins-2.126

jenkins-2.127

jenkins-2.128

jenkins-2.129

jenkins-2.130

jenkins-2.131

jenkins-2.132