Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities



Global Build Stats Plugin for Jenkins is prone to multiple security vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials, perform unauthorized actions within the context of the vulnerable application.

Information

Bugtraq ID: 101539
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 23 2017 12:00AM
Updated: Oct 23 2017 12:00AM
Credit: Eddie Allan
Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.3


Not Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.5


Exploit


To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.


Related Posts

Comments