CVE-2018-1000177
Last modified
CVE-2018-1000177 is a vulnerability of currently unknown severity. A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | S3 Publisher | <= 0.10.12 |
References
- https://jenkins.io/security/advisory/2018-04-16/Vendor Advisory
- https://jenkins.io/security/advisory/2018-04-16/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000177?
How severe is CVE-2018-1000177?
How do I fix CVE-2018-1000177?
Are you affected by CVE-2018-1000177?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST