Security Advisory - Jenkins Stored Cross-Site Scripting Vulnerability
Updated: Nov 23, 2018
The Ant installation component within Jenkins is affected by a stored cross-site scripting vulnerability.
CVSS Score and Metrics
CVSS 2.0 METRICS: AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS 2.0 SCORE: 6.42
CVSS 3.0 METRICS: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS 3.0 SCORE: 4.8
Stored Cross-Site Scripting (XSS)
An attacker can inject hostile script into unsuspecting users' browsers. The attacker can then leverage this issue to hijack browser sessions, redirect users to malicious websites, steal cookies and perform other actions.
Dhiraj Datar, Lakhshya Cyber Security Labs Pvt Ltd
04-10-2017 - Vulnerability reported to vendor.
04-10-2017 - Vulnerability report acknowledged.
09-10-2017 - Vendor confirmation received.
04-12-2017 - Coordinated public release of advisory.
05-12-2017 - Initial release.
05-12-2017 - CVSS scoring and metrics changed.