Jenkins Active Choices Plugin HTML Injection Vulnerability

Active Choices Plugin for Jenkins is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.

Active Choices Plugin 1.5.3 and prior versions are vulnerable.

Information

Bugtraq ID: 101538
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 23 2017 12:00AM
Updated: Oct 23 2017 12:00AM
Credit: Daniel Beck from CloudBees Inc.
Vulnerable: Jenkins-Ci Active Choices Plugin 1.5.3
Jenkins-Ci Active Choices Plugin 1.5.2
Jenkins-Ci Active Choices Plugin 1.5.1
Jenkins-Ci Active Choices Plugin 1.5.0

Not Vulnerable: Jenkins-Ci Active Choices Plugin 2.0

Exploit

An attacker can exploit this issue using a web browser.

References:

Active Choices Plugin Homepage (Jenkins)
Jenkins CI Homepage (Jenkins CI)
Jenkins Security Advisory 2017-10-23 (Jenkins)

Source: www.securityfocus.com

Exploit Collector

Search Exploit