CVE-2012-4439
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/11/2019
Last modified:
21/11/2024
Description
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* | 1.466.2 (excluding) | |
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* | 1.482 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2012/09/21/2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439
- https://security-tracker.debian.org/tracker/CVE-2012-4439
- https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
- http://www.openwall.com/lists/oss-security/2012/09/21/2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439
- https://security-tracker.debian.org/tracker/CVE-2012-4439
- https://www.cloudbees.com/jenkins-security-advisory-2012-09-17