Vulnerability Details : CVE-2017-1000386
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2017-1000386
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-1000386
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST |
5.4
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
CWE ids for CVE-2017-1000386
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000386
-
http://www.securityfocus.com/bid/101538
Jenkins Active Choices Plugin HTML Injection VulnerabilityThird Party Advisory;VDB Entry
-
https://jenkins.io/security/advisory/2017-10-23/
Jenkins Security Advisory 2017-10-23Vendor Advisory
Products affected by CVE-2017-1000386
- cpe:2.3:a:jenkins:active_choices:*:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:active_choices:1.5.3:-:*:*:*:*:*:*
- cpe:2.3:a:jenkins:active_choices:1.5.3:alpha:*:*:*:jenkins:*:*