CVE-2017-1000389

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000389
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000389.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000389
Aliases
Published
2018-01-26T02:29:00Z
Modified
2024-10-12T02:24:28.978356Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Some URLs provided by the Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses were served with Content-Type: text/html, so clients could have interpreted them as HTML, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by the global-build-stats plugin that modify data did not require POST requests, resulting in a potential cross-site request forgery vulnerability.

References

Affected packages

Git / github.com/jenkinsci/global-build-stats-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/global-build-stats-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

global-build-stats-1.*

global-build-stats-1.1
global-build-stats-1.2
global-build-stats-1.3
global-build-stats-1.4