Cross-Site Scripting Vulnerability in Jenkins S3 Plugin 0.10.12 and Older

CVE-2018-1000177 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.

Learn more about our User Device Pen Test.