Jenkins CVE-2013-0328 Unspecified Cross Site Scripting Vulnerability
BID:58726
Info
| Bugtraq ID: | 58726 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-0328 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2013 12:00AM |
| Updated: | Mar 19 2015 09:06AM |
| Credit: | Reported by the vendor |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Jenkins is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Note: This issue was previously discussed in BID 57994 (Jenkins Cross-Site Scripting, Security Bypass, and Denial of Service Vulnerabilities), but has been moved to its own record to better document it.
Versions prior to Jenkins 1.480.3 and 1.502 are vulnerable.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.