AVG-543

Package jenkins
Status Fixed
Severity Medium
Type cross-site scripting
Affected 2.93-1
Fixed 2.94-1
Current 2.138-1 [community]
Ticket None
Created Thu Dec 7 18:10:57 2017
Issue Severity Remote Type Description
CVE-2017-17383 Medium Yes Cross-site scripting
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated...
Notes
https://jenkins.io/security/advisory/2018-01-22/#xss-vulnerability-in-job-configuration-forms-in-ant-plugin