Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities

Global Build Stats Plugin for Jenkins is prone to multiple security vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and perform unauthorized actions within the context of the vulnerable application.


Bugtraq ID: 101539
Class: Input Validation Error
Remote: Yes
Local: No
Published: Oct 23 2017 12:00AM
Updated: Oct 23 2017 12:00AM
Credit: Eddie Allan
Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.3

Not Vulnerable: Jenkins-Ci Global Build Stats Plugin 1.5


To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
