CVE-2018-1999007 - log back

CVE-2018-1999007 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ Stapler is the web framework used by Jenkins to route HTTP requests. When its debug mode is enabled, HTTP 404 error pages display diagnostic information. Those error pages did not escape parts of URLs they displayed before Jenkins 2.133, in rare cases resulting in a cross-site scripting vulnerability.
References
+ https://jenkins.io/security/advisory/2018-07-18/
Notes