CVE-2018-1999007 log

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
Stapler is the web framework used by Jenkins to route HTTP requests. When its debug mode is enabled, HTTP 404 error pages display diagnostic information. Those error pages did not escape parts of URLs they displayed before Jenkins 2.133, in rare cases resulting in a cross-site scripting vulnerability.
Group Package Affected Fixed Severity Status Ticket
AVG-738 jenkins 2.132-1 2.133-1 High Fixed
Date Advisory Group Package Severity Description
21 Jul 2018 ASA-201807-14 AVG-738 jenkins High multiple issues
References
https://jenkins.io/security/advisory/2018-07-18/