A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-09T23:00:00

Updated: 2024-08-05T12:40:46.976Z

Reserved: 2019-01-09T00:00:00

Link: CVE-2018-1000413

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-09T23:29:02.513

Modified: 2024-11-21T03:40:01.060

Link: CVE-2018-1000413

cve-icon Redhat

No data.