FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- XSS vulnerability

Affected packages
jenkins < 1.453

Details

VuXML ID 9448a82f-6878-11e1-865f-00e0814cab4e
Discovery 2012-03-05
Entry 2012-03-07

Jenkins Security Advisory reports:

An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTMLs to pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions.

References

URL https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05