https://bugzilla.redhat.com/show_bug.cgi?id=1524540
Bug ID: 1524540
Summary: CVE-2017-17383 jenkins: XSS via a crafted tool name in a job configuration form
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dedgar(a)redhat.com, dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jkeck(a)redhat.com,
kseifried(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS
attacks via a crafted tool name in a job configuration form, as demonstrated by
the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka
SECURITY-624.
External References:
https://jenkins.io/security/advisory/2017-12-05/