Red Hat Bugzilla – Bug 1418727
CVE-2017-2610 jenkins: Persisted cross-site scripting vulnerability in search suggestions (SECURITY-388)
Last modified: 2017-03-21 14:51:12 EDT
The following flaw was found in Jenkins:
Jenkins allows the creation of users with less-than and greater-than characters in their names. These user names were not escaped when displaying search suggestions, resulting in a cross-site scripting vulnerability.
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]