vulnerability
Jenkins Advisory 2017-11-08: Persisted XSS vulnerability in autocompletion suggestions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Nov 13, 2017 | Nov 13, 2017 | Feb 19, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Nov 13, 2017
Added
Nov 13, 2017
Modified
Feb 19, 2025
Description
Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.Known previously unsafe sources for these suggestions include the names of loggers in the log recorder condition, and agent labels.Autocompletion suggestions are now escaped and can no longer contain HTML-based formatting.
Solution
jenkins-lts-upgrade-2_73_3
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.