Back to bug 2226895
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-07-26 21:02:45 UTC | Blocks | 2226896 | |
| Avinash Hanwate | 2023-07-27 06:44:46 UTC | Alias | TRIAGE-CVE-2023-39151 | CVE-2023-39151 |
| Summary | TRIAGE-CVE-2023-39151 jenkins: Stored cross-site scripting via build logs | CVE-2023-39151 jenkins: Stored cross-site scripting via build logs | ||
| Doc Text | Jenkins weekly and LTS are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||
| RaTasha Tillery-Smith | 2023-07-27 13:30:05 UTC | Doc Text | Jenkins weekly and LTS are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | A flaw was found in Jenkins, where Jenkins weekly and LTS are vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials. |
Back to bug 2226895