Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
| Software | From | Fixed in |
|---|---|---|
| jenkins / jenkins | 2.122 | 2.132.x |
| jenkins / jenkins | - | 2.121.1.x |
| oracle / communications_cloud_native_core_automated_test_suite | 1.9.0 | 1.9.0.x |
org.jenkins-ci.main / jenkins-core
|
- | 2.121.2 |
|
org.jenkins-ci.main / jenkins-core
|
2.122 | 2.132 |