Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities



Global Build Stats Plugin for Jenkins is prone to multiple security vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and perform unauthorized actions within the context of the vulnerable application.

Information

Bugtraq ID: 101539
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 23 2017 12:00AM
Updated: Oct 23 2017 12:00AM
Credit: Eddie Allan
Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.3


Not Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.5


Exploit


To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.

