CVE-2014-3681 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 51.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 15

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins< 1.565.3+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

OSV

Jenkins Cross-site Scripting vulnerability↗2022-05-14

▶

GHSA

Jenkins Cross-site Scripting vulnerability↗2022-05-14

▶

CVEList

CVE-2014-3681: Cross-site scripting (XSS) vulnerability in Jenkins before 1↗2014-10-15

▶

📋Vendor Advisories

Red Hat

jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)↗2014-10-02

▶

Jenkins

Jenkins Security Advisory 2014-10-01↗2014-10-01

▶

💬Community

Bugzilla

CVE-2014-3681 jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)↗2014-09-30

▶