CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Jenkins CppNCSS 1.0 Beta 4 for Jenkins

Titles listed in dictionary

CPE for product: cpe:2.3:a:jenkins:cppncss:1.0:beta4:*:*:*:jenkins:*:*

Showing 1-1 of 1
Medium-low damage 6.1
Easy to exploit
(other affected products) Published: Tue Mar 13 13:29:00 2018 UTC. Last Modified: Wed Apr 4 14:49:00 2018 UTC
CPE matches: cpe:2.3:a:jenkins:cppncss:*:*:*:*:*:jenkins:*:* && versionEndIncluding=1.1

Description

A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (CVSSv3)

Type of bug(s)

References