CVE-2018-1999005

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
The build timeline widget shown on URLs like /view/…/builds in Jenkins before 2.133 did not properly escape display names of items. This resulted in a cross-site scripting vulnerability exploitable by users able to control item display names.
Group    Package  Affected  Fixed    Severity  Status  Ticket
AVG-738  jenkins  2.132-1   2.133-1  High      Fixed
Date         Advisory       Group    Package  Severity  Type
21 Jul 2018  ASA-201807-14  AVG-738  jenkins  High      multiple issues
References
https://jenkins.io/security/advisory/2018-07-18/