A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core(Maven) | 0 | 2.176.3 | N/A |
| org.jenkins-ci.main:jenkins-core(Maven) | 2.177 | 2.192 | N/A |
CVSS Metrics
