CVE-2013-2033

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
jenkinsjenkins
𝑥
< 1.509.1
jenkinsjenkins
𝑥
< 1.514
cloudbeesjenkins
1.466 ≤
𝑥
< 1.466.14.1
cloudbeesjenkins
1.480 ≤
𝑥
< 1.480.4.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004