Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin 3.1 and Earlier

Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin 3.1 and Earlier

CVE-2018-1000413 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.

Learn more about our User Device Pen Test.