1. Home
  2. CVE Database
  3. CVE-2017-1000102
MEDIUM · 5.4

CVE-2017-1000102

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for ex...

Vulnerability Description

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
JenkinsStatic Analysis Utilities<= 1.91

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2017-1000102?

CVE-2017-1000102 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for ex...

How severe is CVE-2017-1000102?

CVE-2017-1000102 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-1000102?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Static Analysis Utilities.