CVE-2013-2033 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 60.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudbees Jenkins Jenkins

Timeline

PublishedApr 10

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins< 1.509.1+1

▶NVDcloudbees/jenkins1.466 — 1.466.14.1+1

🔴Vulnerability Details

OSV

Jenkins vulnerable to Cross-site Scripting↗2022-05-14

▶

GHSA

Jenkins vulnerable to Cross-site Scripting↗2022-05-14

▶

CVEList

CVE-2013-2033: Cross-site scripting (XSS) vulnerability in Jenkins before 1↗2014-04-10

▶

📋Vendor Advisories

Red Hat

Jenkins: Build Description XSS↗2013-05-02

▶

Jenkins

Jenkins Security Advisory 2013-05-02↗2013-05-02

▶

💬Community

Bugzilla

CVE-2013-2033 Jenkins: Build Description XSS↗2013-05-02

▶