Vulnerability Description
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.93 |
Related Weaknesses (CWE)
References
- http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04Third Party Advisory
- http://www.securityfocus.com/bid/102130Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2017-12-05/Vendor Advisory
- http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04Third Party Advisory
- http://www.securityfocus.com/bid/102130Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2017-12-05/Vendor Advisory
FAQ
What is CVE-2017-17383?
CVE-2017-17383 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant ...
How severe is CVE-2017-17383?
CVE-2017-17383 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17383?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.