CVE-2016-4988
published 2017-02-09CVE-2016-4988: Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | async_http_client_plugin | — | — |
| jenkins | build_failure_analyzer | < 1.16.0 | 1.16.0 |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | image_gallery_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins | users_of_build_failure_analyzer_plugin | — | — |
| jenkins | users_of_image_gallery_plugin | — | — |
| jenkins | users_of_tap_plugin | — | — |