Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Jenkins
  • Jenkins
Cloudbees
  • Jenkins

Configuration 1 [-]

OR cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.301:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.302:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.303:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.304:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.305:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.306:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.307:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.308:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.309:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.310:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.311:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.312:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.313:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.314:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.315:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.316:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.317:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.318:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.319:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.320:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.321:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.322:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.323:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.324:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.325:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.326:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.327:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.328:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.329:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.330:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.331:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.332:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.333:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.334:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.335:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.336:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.337:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.338:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.339:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.340:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.341:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.342:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.343:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.344:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.345:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.346:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.347:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.348:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.349:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.350:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.351:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.352:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.353:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.354:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.355:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.356:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.357:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.358:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.359:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.360:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.361:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.362:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.363:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.364:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.365:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.366:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.367:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.368:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.369:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.370:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.371:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.372:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.373:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.374:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.375:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.376:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.377:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.378:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.379:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.380:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.382:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.383:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.384:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.386:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.387:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.388:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.389:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.390:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.391:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.392:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.393:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.394:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.395:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.396:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.397:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.398:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.399:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:cloudbees:jenkins:1.400:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424:*:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.5:*:enterprise:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:cloudbees:jenkins:1.400:*:lts:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.400.0.12:*:lts:*:*:*:*:*
References
Link Resource
http://jvn.jp/en/jp/JVN79950061/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb Vendor Advisory
http://www.securityfocus.com/bid/52384
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2012-03-09T11:00:00

Updated: 2018-01-10T20:57:01

Reserved: 2012-01-04T00:00:00

Link: CVE-2012-0325

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-03-09T11:55:01.083

Modified: 2018-10-30T16:27:19.920

Link: CVE-2012-0325

JSON object: View

cve-icon Redhat Information

No data.

CWE