CVE-2017-2601: Cross-site Scripting in Jenkins

CWE-79 Cross-site Scripting | 76 documents | 6 sources
Severity: 5.4 MEDIUM (NVD)
EPSS: 0.3% (top 44.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 10; latest update Oct 19

Description

Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted (stored) cross-site scripting in parameter names and descriptions (SECURITY-353). Users with permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (Exploitability: 2.3 | Impact: 2.7)

Patches

🔴 Vulnerability Details (66)

GHSA: Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin (2022-10-19)
OSV: Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin (2022-10-19)
OSV: Cross-site Scripting in Jenkins Validating Email Parameter Plugin (2022-07-01)
GHSA: Cross-site Scripting in Jenkins Validating Email Parameter Plugin (2022-07-01)
GHSA: Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin (2022-06-24)

📋 Vendor Advisories (7)

Jenkins: Jenkins Security Advisory 2022-10-19 (2022-10-19)
Jenkins: Jenkins Security Advisory 2022-06-30 (2022-06-30)
Jenkins: Jenkins Security Advisory 2022-06-22 (2022-06-22)
Jenkins: Jenkins Security Advisory 2022-05-17 (2022-05-17)
Jenkins: Jenkins Security Advisory 2022-04-12 (2022-04-12)

💬 Community (2)

Bugzilla: CVE-2017-2601 jenkins: Persisted cross-site scripting vulnerability in parameter names and descriptions (SECURITY-353) (2017-02-02)
Bugzilla: CVE-2017-1000362 CVE-2017-2598 CVE-2017-2599 CVE-2017-2600 CVE-2017-2601 CVE-2017-2602 CVE-2017-2604 CVE-2017-2606 CVE-2017-2607 CVE-2017-2608 CVE-2017-2609 CVE-2017-2610 CVE-2017-2611 CVE-2017-2612 C (2017-02-02)