CVE-2011-4344

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
jenkinsjenkins
1.409.1
jenkinsjenkins
1.409.2
jenkinsjenkins
𝑥
≤ 1.437
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins-winstone
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
natty
dne
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain
http://openwall.com/lists/oss-security/2011/11/23/5
http://openwall.com/lists/oss-security/2011/11/23/6
http://secunia.com/advisories/46911
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
http://www.securityfocus.com/bid/50786
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch
http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain
http://openwall.com/lists/oss-security/2011/11/23/5
http://openwall.com/lists/oss-security/2011/11/23/6
http://secunia.com/advisories/46911
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
http://www.securityfocus.com/bid/50786
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch