vulnerability
Jenkins Advisory 2017-11-08: Persisted XSS vulnerability in autocompletion suggestions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Nov 13, 2017 | Nov 13, 2017 | Feb 19, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Nov 13, 2017
Added
Nov 13, 2017
Modified
Feb 19, 2025
Description
Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.Known previously unsafe sources for these suggestions include the names of loggers in the log recorder condition, and agent labels.Autocompletion suggestions are now escaped and can no longer contain HTML-based formatting.
Solution
jenkins-lts-upgrade-2_73_3
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.