CVE-2015-5326 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 63.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedNov 25

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.637+1

▶NVDredhat/openshift3.1+1

🔴Vulnerability Details

OSV

Jenkins allows Cross-Site Scripting (XSS)↗2022-05-13

▶

GHSA

Jenkins allows Cross-Site Scripting (XSS)↗2022-05-13

▶

CVEList

CVE-2015-5326: Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1↗2015-11-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2015-11-11↗2015-11-11

▶

Red Hat

jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)↗2015-11-11

▶

💬Community

Bugzilla

CVE-2015-5326 jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)↗2015-11-16

▶