CVE

CVE-2018-1000177

admin

CVE-2018-1000177

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user’s browser when that user performs some UI actions.

Source: CVE-2018-1000177

Exit mobile version