CVE-2015-1812 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting11 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 55.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 16

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.596.1+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

GHSA

Jenkins Cross-site Scripting vulnerability↗2022-05-17

▶

OSV

Jenkins Cross-site Scripting vulnerability↗2022-05-17

▶

CVEList

CVE-2015-1812: Cross-site scripting (XSS) vulnerability in Jenkins before 1↗2015-10-16

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV↗2015-12-16

▶

Exploit-DB

Chkrootkit 0.49 - Local Privilege Escalation↗2014-06-28

▶

📋Vendor Advisories

Red Hat

jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)↗2015-03-23

▶

Jenkins

Jenkins Security Advisory 2015-03-23↗2015-03-23

▶

Red Hat

jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)↗2015-03-23

▶

💬Community

Bugzilla

CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all]↗2015-03-25

▶

Bugzilla

CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)↗2015-03-25

▶