| Vulnerability Name: | CVE-2015-5326 (CCN-108183) | ||||||||
| Assigned: | 2015-11-18 | ||||||||
| Published: | 2015-11-18 | ||||||||
| Updated: | 2019-12-17 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | ||||||||
| CVSS v3 Severity: | 6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-5326 Source: CCN Type: RHSA-2016-0070 Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update Source: CCN Type: RHSA-2016-0489 Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update Source: REDHAT Type: UNKNOWN RHSA-2016:0489 Source: REDHAT Type: UNKNOWN RHSA-2016:0070 Source: XF Type: UNKNOWN jenkins-cve20155326-xss(108183) Source: CCN Type: Jenkins Security Advisory 2015-11-11 multiple vulnerabilities in Jenkins Source: CONFIRM Type: Vendor Advisory https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5326 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||