ASA-202101-41 - log

ASA-202101-41 edited at 28 Jan 2021 22:01:47
ASA-202101-41 edited at 28 Jan 2021 21:58:34
Impact
- An attacker can access files outside workspaces by opening them using the workspace browser, perform stored cross-site scripting attacks to influence the contents of varios display items, inject crafted content into Old Data Monitor resulting in the instantiation of potentially unsafe objects, choose agent names that cause Jenkins to override unrelated config.xml files, use a maliciously crafted fingerprint ID to check for the existence of XML files on the controller file system, requests Jenkins to render a graph of an arbitrary size results in out of memory errors, access plugin-provided URLs potentially leading to the disclosure of sensitive information, perform a reflected cross-site scripting that allows for the execution of unsafe elements when Jenkins renders a formatted preview of the URL.
+ An attacker can access sensitive information, influence the contents of varios display items, instantiate unsafe objects, override configuration files, perform a denial of service, execute unsafe elements.
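Review bot: the new Impact text on the + line carries over the typo "varios" (should be "various") from the removed line, and its closing list has no conjunction; suggest ending it "perform a denial of service, and execute unsafe elements." The shortened summary also drops the per-issue detail present in the removed line (workspace browser, Old Data Monitor, agent names and config.xml, fingerprint ID, graph size, plugin-provided URLs), so a reader can no longer tell which impact belongs to which issue. If the summary form is kept, that mapping should remain available in another field of the advisory.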
ASA-202101-41 edited at 26 Jan 2021 19:37:41
Impact
+ An attacker can access files outside workspaces by opening them using the workspace browser, perform stored cross-site scripting attacks to influence the contents of varios display items, inject crafted content into Old Data Monitor resulting in the instantiation of potentially unsafe objects, choose agent names that cause Jenkins to override unrelated config.xml files, use a maliciously crafted fingerprint ID to check for the existence of XML files on the controller file system, requests Jenkins to render a graph of an arbitrary size results in out of memory errors, access plugin-provided URLs potentially leading to the disclosure of sensitive information, perform a reflected cross-site scripting that allows for the execution of unsafe elements when Jenkins renders a formatted preview of the URL.
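Review bot: in the + line, the clause "requests Jenkins to render a graph of an arbitrary size results in out of memory errors" breaks the parallel "An attacker can ..." list and does not parse as one of its items; suggest "request that Jenkins render a graph of arbitrary size, resulting in out-of-memory errors". The same line has "varios" for "various", and the final item reads more cleanly as "perform a reflected cross-site scripting attack that ...".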
ASA-202101-41 created at 20 Jan 2021 23:47:43