Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Jenkins
  • Jenkins
Redhat
  • Openshift

Configuration 1 [-]

cpe:2.3:a:jenkins:jenkins:1.523:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat OpenShift Enterprise 2.1
jenkins-0:1.565.3-1.el6op cpe:/a:redhat:openshift:2.0::el6 RHBA-2014:1630 2014-10-14T00:00:00Z
jenkins-plugin-openshift-0:0.6.40.1-0.el6op cpe:/a:redhat:openshift:2.0::el6 RHBA-2014:1630 2014-10-14T00:00:00Z
openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op cpe:/a:redhat:openshift:2.0::el6 RHBA-2014:1630 2014-10-14T00:00:00Z
References
Link Providers
http://packetstormsecurity.com/files/124513 cve-icon cve-icon
http://seclists.org/bugtraq/2013/Dec/104 cve-icon cve-icon
http://seclists.org/fulldisclosure/2013/Dec/159 cve-icon cve-icon
http://www.exploit-db.com/exploits/30408 cve-icon cve-icon
http://www.osvdb.org/101187 cve-icon cve-icon
http://www.securityfocus.com/bid/64414 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/89872 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-5573 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-5573 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-31T15:00:00

Updated: 2024-08-06T17:15:21.406Z

Reserved: 2013-08-23T00:00:00

Link: CVE-2013-5573

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-12-31T16:04:14.447

Modified: 2017-08-29T01:33:49.967

Link: CVE-2013-5573

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-12-16T00:00:00Z

Links: CVE-2013-5573 - Bugzilla