| Vulnerability Name: | CVE-2015-1813 (CCN-109522) | ||||||||
| Assigned: | 2015-02-17 | ||||||||
| Published: | 2015-02-17 | ||||||||
| Updated: | 2016-06-15 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. | ||||||||
| CVSS v3 Severity: | 6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1813 Source: REDHAT Type: UNKNOWN RHSA-2015:1844 Source: CCN Type: RHSA-2016-0070 Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update Source: REDHAT Type: UNKNOWN RHSA-2016:0070 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=1205615 Source: XF Type: UNKNOWN jenkins-cve20151813-xss(109522) Source: CCN Type: Jenkins Security Advisory 2015-03-23 multiple vulnerabilities in Jenkins Source: CONFIRM Type: Vendor Advisory https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1813 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||