Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-1000407
Reference:
CVE-2018-1000407
Title:
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.