Description
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2011-4275 | Jenkins allows Cross-Site Scripting (XSS) |
 Github GHSA |
GHSA-q3rp-555r-hh6r | Jenkins allows Cross-Site Scripting (XSS) |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T00:01:51.603Z
Reserved: 2011-11-04T00:00:00.000Z
Link: CVE-2011-4344
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-12-01T11:55:07.317
Modified: 2026-04-29T01:13:23.040
Link: CVE-2011-4344
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses