CVE-2017-1000102: XSS
First published: Wed Oct 04 2017(Updated: )
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Static Analysis Utilities | <=1.91 | |
| maven/org.jvnet.hudson.plugins:analysis-core | <=1.91 | 1.92 |
| <=1.91 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9c2p-99pg-c4j9
- alias/CVE-2017-1000102
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/trending
- vendor/jenkins
- canonical/jenkins static analysis utilities
- version/jenkins static analysis utilities/1.91
- package-manager/maven