Vulnerability & Exploit Database

Back to search

Jenkins Advisory 2017-11-08: CVE-2017-1000392: Persisted XSS vulnerability in autocompletion suggestions

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) November 19, 2017 November 19, 2017 November 19, 2017

Description

Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.Known previously unsafe sources for these suggestions include the names of loggers in the log recorder condition, and agent labels.Autocompletion suggestions are now escaped and can no longer contain HTML-based formatting.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

jenkins-lts-upgrade-2_73_3

Related Vulnerabilities