← back
CVE-2018-1000407

CVE-2018-1000407

EPSS 1.5%
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129http://www.securityfocus.com/bid/106532