CVE-2018-1000177

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
References
Link Resource
https://jenkins.io/security/advisory/2018-04-16/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:jenkins:s3_publisher:*:*:*:*:*:jenkins:*:*

Information

Published : 2018-05-08 03:29

Updated : 2018-06-13 03:05


NVD link : CVE-2018-1000177

Mitre link : CVE-2018-1000177

Products Affected
No products.
CWE