Vulnerability Description
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jolokia | Jolokia | 1.3.7 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3817Third Party Advisory
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5fPatchThird Party Advisory
- https://jolokia.org/#Security_fixes_with_1.5.0Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3817Third Party Advisory
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5fPatchThird Party Advisory
- https://jolokia.org/#Security_fixes_with_1.5.0Vendor Advisory
FAQ
What is CVE-2018-1000129?
CVE-2018-1000129 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
How severe is CVE-2018-1000129?
CVE-2018-1000129 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000129?
Check the references section above for vendor advisories and patch information. Affected products include: Jolokia Jolokia.