Vulnerability Description
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Active Choices | <= 1.5.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101538Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2017-10-23/Vendor Advisory
- http://www.securityfocus.com/bid/101538Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2017-10-23/Vendor Advisory
FAQ
What is CVE-2017-1000386?
CVE-2017-1000386 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choice...
How severe is CVE-2017-1000386?
CVE-2017-1000386 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-1000386?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Active Choices.