CVE-2017-2601 in Jenkins

Summary

Jenkins versions before 2.44 and 2.32.2 are vulnerable to persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

Responsible

Red Hat, Inc.

Reservation

12/01/2016

Disclosure

05/10/2018

CPE

ready

CVSS

5.3

EPSS

0.00328

Activities

Very Low
