CVE-2011-4344

EUVD-2011-4275
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
1.409.1
jenkinsjenkins
1.409.2
jenkinsjenkins
𝑥
≤ 1.437
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins-winstone
artful
dne
bionic
dne
cosmic
dne
hardy
dne
lucid
dne
maverick
dne
natty
dne
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain
http://openwall.com/lists/oss-security/2011/11/23/5
http://openwall.com/lists/oss-security/2011/11/23/6
http://secunia.com/advisories/46911
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
http://www.securityfocus.com/bid/50786
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch
http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain
http://openwall.com/lists/oss-security/2011/11/23/5
http://openwall.com/lists/oss-security/2011/11/23/6
http://secunia.com/advisories/46911
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
http://www.securityfocus.com/bid/50786
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch