CVE-2015-7536
MEDIUM5.4EPSS 0.29%Improper Neutralization of Input During Web Page Generation in Jenkins
Published: 5/17/2022Modified: 3/13/2024
Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.626, < 1.640
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7536
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttps://github.com/jenkinsci/jenkins/commit/27c303417a226bf4c06a588570f28ac2e2507c6c
- WEBhttps://github.com/jenkinsci/jenkins/commit/d3fb2c09f29007dce84a213ae8323df1105dcc30
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09