Jenkins Advisory 2018-07-18: CVE-2018-1999007: XSS vulnerability in Stapler debug mode

Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published: Jul 23, 2018
Added: Aug 10, 2018
Modified: Aug 11, 2025

Description

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, and LTS 2.121.1 and earlier, in the Stapler web framework's org/kohsuke/stapler/Stapler.java. It allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that is executed in another user's browser when that user views an HTTP 404 error page while Stapler debug mode is enabled.

Solutions

jenkins-lts-upgrade-2_121_2
jenkins-upgrade-2_133