cvedb.io
CVE-2018-1000170
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-04-16T09:58:09.040 · Last modified 2026-06-17T01:32:34.930

Summary

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Affected products

jenkins — jenkins

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.