---

CVE-2018-1999005 - log back

CVE-2018-1999005 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Cross-site scripting
Description	+ The build timeline widget shown on URLs like /view/…/builds in Jenkins before 2.133 did not properly escape display names of items. This resulted in a cross-site scripting vulnerability exploitable by users able to control item display names
References	+ https://jenkins.io/security/advisory/2018-07-18/
Notes