CVE-2017-1000102
CVE-2017-1000102 is a vulnerability of currently unknown severity. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Static Analysis Utilities | <= 1.91 |
References
- http://www.securityfocus.com/bid/101061 (Third Party Advisory, VDB Entry)
- https://jenkins.io/security/advisory/2017-08-07/ (Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
