UNKNOWN Maven
Jenkins allows Cross-Site Scripting (XSS)
GHSA-9hr6-5x6g-gg5g · CVE-2012-6074
Published · Modified
Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-6074
- WEB https://access.redhat.com/errata/RHSA-2013:0220
- WEB https://access.redhat.com/security/cve/CVE-2012-6074
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=890612
- PACKAGE https://github.com/jenkinsci/jenkins
- WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- WEB http://rhn.redhat.com/errata/RHSA-2013-0220.html
- WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
- WEB http://www.openwall.com/lists/oss-security/2012/12/28/1
Ready to move
Start Securing
Free, no credit card | First findings in minutes