CVE-2017-1000102

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 85.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Static Analysis Utilities
Timeline
PublishedOct 5
Latest updateMay 17

Description

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Persistent XSS vulnerability in Static Analysis Utilities2022-05-17
GHSA
Persistent XSS vulnerability in Static Analysis Utilities2022-05-17
CVEList
CVE-2017-1000102: The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users ab2017-10-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2017-08-072017-08-07
CVE-2017-1000102 (MEDIUM CVSS 5.4) | The Details view of some Static Ana | cvebase.io