CVE-2017-17383: Cross-site Scripting

December 6, 2017 (updated December 22, 2017)

Jenkins allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core.

References

www.securityfocus.com/bid/102130
jenkins.io/security/advisory/2017-12-05/
nvd.nist.gov/vuln/detail/CVE-2017-17383

Code Behaviors & Features

Detect and mitigate CVE-2017-17383 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →