Vulnerability Description
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rebuild Project | Rebuild | <= 1.28 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106532Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130Third Party Advisory
- http://www.securityfocus.com/bid/106532Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130Third Party Advisory
FAQ
What is CVE-2018-1000415?
CVE-2018-1000415 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/F...
How severe is CVE-2018-1000415?
CVE-2018-1000415 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000415?
Check the references section above for vendor advisories and patch information. Affected products include: Rebuild Project Rebuild.