CVE-2018-1000177: XSS
First published: Tue May 08 2018(Updated: )
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=0.10.12 | ||
| maven/org.jenkins-ci.plugins:s3 | <=0.10.12 | 0.11.0 |
| Jenkins S3 Publisher | <=0.10.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-3892-qqv6-h2qm
- alias/CVE-2018-1000177
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/author
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/tags
- agent/source
- vendor/jenkins
- package-manager/maven
- canonical/jenkins s3 publisher
- version/jenkins s3 publisher/0.10.12