Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1869 to the following vulnerability:

Name: CVE-2014-1869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1869
Assigned: 20140206
Reference: https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca
Reference: https://github.com/zeroclipboard/zeroclipboard/pull/335
Reference: https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
There is a stapler-adjunct-zeroclipboard jar in the Jenkins as shipped for OpenShift Enterprise.
Statement: This issue affects the versions of Jenkins as shipped with Red Hat OpenShift Enterprise 1 and 2. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Kurt, I am making your Comment 5 private, because that statement is picked up in favor of the one from Comment 4 and is showing up on CVE pages. I am doing that because the statement in comment 5 contains a typo (Jnekins), refers to a non-existing product (Red Hat OpenShift Enterprise Linux 2) and in general says the same thing as the one from comment 4.
This issue has been addressed in the following products:
  RHEL 7 Version of OpenShift Enterprise 3.1
Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070