|
Description
|
|
Multiple Vulnerabilities have been reported in Jenkins, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
1) Certain unspecified input related to an URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input related to an URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) The application does not properly restrict access to the functionality for issuing new API tokens, which can be exploited to issue a new API token and subsequently gain access to otherwise restricted functionality.
The vulnerabilities are reported in versions 1.605 and prior and 1.596.1 LTS and prior.
|
