CVE-2015-7536 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 47.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Jenkins Core Jenkins LTS +2 more

Timeline

PublishedFeb 3

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶NVDjenkins/jenkins1.625.1+1

▶jenkinsjenkins/jenkins_lts

▶jenkinsjenkins/jenkins_core

▶jenkinsjenkins/sha-1_checksums_for_the_plugin

▶jenkinsjenkins/this_enabled_mitm_attacks_on_the_plugin

🔴Vulnerability Details

GHSA

Improper Neutralization of Input During Web Page Generation in Jenkins↗2022-05-17

▶

OSV

Improper Neutralization of Input During Web Page Generation in Jenkins↗2022-05-17

▶

📋Vendor Advisories

Red Hat

jenkins: stored XSS vulnerability through workspace files and archived artifacts (SECURITY-95)↗2015-12-09

▶

Jenkins

Jenkins Security Advisory 2015-12-09↗2015-12-09

▶

💬Community

Bugzilla

CVE-2015-7536 CVE-2015-7537 CVE-2015-7538 CVE-2015-7539 jenkins: various flaws [fedora-all]↗2015-12-15

▶

Bugzilla

CVE-2015-7536 jenkins: stored XSS vulnerability through workspace files and archived artifacts (SECURITY-95)↗2015-12-15

▶