cvelistv5 - cve-2017-1000109

CVE-2017-1000109 (GCVE-0-2017-1000109)

Vulnerability from cvelistv5 – Published: 2017-10-04 01:00 – Updated: 2024-08-05 21:53

Summary

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/100227	vdb-entryx_refsource_BID
	https://jenkins.io/security/advisory/2017-08-07/	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100227",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100227"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2017-08-07/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-04T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100227",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100227"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2017-08-07/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.322861",
          "ID": "CVE-2017-1000109",
          "REQUESTER": "ml@beckweb.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100227",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100227"
            },
            {
              "name": "https://jenkins.io/security/advisory/2017-08-07/",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2017-08-07/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000109",
    "datePublished": "2017-10-04T01:00:00",
    "dateReserved": "2017-10-03T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"FE428D65-2789-4FD0-AAAD-6B3C07BACC18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"94D1D9E7-451D-4756-B9A4-C9744DBC715D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"31E1C69C-C417-4339-B962-90D1E392EA92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"187EEC33-EF1B-4E56-8D06-9721E6EF6A38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"B1FFA96E-AB65-4427-8053-C15BBB991BCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"0BDA7EAA-BA4A-486A-ABDC-B07E5C162B7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"BB8439C6-DEE9-484F-A987-FD0139709891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"72496F9F-6392-46EA-9D40-99717775BCCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"94488F71-6068-4D40-A489-E7A7CE9B819C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"F7533C35-FC4A-4D53-BDDF-D877B05A038D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"7D78D0F6-DE89-4456-9AA6-E569F7DD39C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"5DC4746C-AA1F-4D9D-880C-76B42E253F45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"34B2D8CD-C621-4A0A-82BC-E1415FD26C71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"856328A7-BD25-4905-9D49-9B8E9DA67196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"14959CAC-8561-4BC1-978E-6B6B60F9C78A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"D353EEE8-8C03-4F75-9A02-55F159E24B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"2532B713-4F03-40A5-8549-EC465EDB7558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"563C0CFF-CA00-4E66-B0EA-631084164BE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"2DB6D211-2140-44DA-94F5-F40E84F32FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"5CAC68EE-0509-4D50-85B6-D2143B31F6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"982C152C-54B8-4CE7-AB3F-242A69451735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"CF2A2C18-D3F7-4E08-8D06-6083E63A8853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"2FE0020C-D1C4-4EA0-896E-D40301F7D54A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"4DC56E2F-AFDE-46FF-A971-0071B13CD57F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"7C655E9A-E4FB-4A93-A700-12E73CB158DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"BA82EB1F-223A-43A8-85FF-6BDEC57EC96E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"EE5DFF68-55E3-474C-8AEC-9FA8FFEAB29B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"167B3711-E4F6-4F7A-A7D5-1AB306ABADAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"D9734E28-3E4D-441B-9A25-010AF22EF2CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"E0193375-C35E-4471-BFBF-323609286D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"A4714A4A-AB41-4E3B-B1FB-126876077209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"B32A175D-CC97-475E-BA84-0FD80190C550\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"43F2EBBF-ACC5-45B8-A05A-AD33A087E4A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"CF8D99B6-078E-4CB7-9C15-309269C9475E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"76448741-A34E-40CC-B29C-3AA807D8DA1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"5F7DD792-C2AC-4C7D-B499-2139AEC95D9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"4B24A3BA-34F4-47C2-9102-72A7242C373D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"0FC17478-320A-40E5-A6A9-269B5B0E78FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"797EC1B7-B003-436A-A16D-38C17D24E7C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"454D7BAC-360D-4484-9806-06398D7D81B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"C363C3E1-06CC-4241-8BDC-D897F1A36CA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"D30FA350-D520-4569-87C3-DCAD6B476932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"CAA3F171-2461-4AB1-B943-158C397917EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"6AAF4F60-365C-45B2-A35A-4249E24741FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"5ABC369B-7051-447F-8BAA-54E5A25CB489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"6BA1E839-43E6-400A-9848-8A56FB8B87E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"8ABF8C5E-4131-4C53-86B8-B44D65749C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"9A5F226A-69A0-43E3-8F1F-B332C5BDFCA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"435597BF-F804-4A1E-A781-AEB432A5B5FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"C111631F-92EC-4F0F-AD09-7DE270A5C1B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*\", \"matchCriteriaId\": \"D926C362-4745-4D29-8C35-E558D8DC976A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.\"}, {\"lang\": \"es\", \"value\": \"La vista Details personalizada del plugin OWASP Dependency-Check basado en Static Analysis Utilities era vulnerable a Cross-Site Scripting (XSS) persistente. Los usuarios maliciosos capaces de influenciar las entradas en este plugin podr\\u00edan insertar HTML arbitrario en esta vista.\"}]",
      "id": "CVE-2017-1000109",
      "lastModified": "2024-11-21T03:04:10.993",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-10-05T01:29:04.367",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100227\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jenkins.io/security/advisory/2017-08-07/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jenkins.io/security/advisory/2017-08-07/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1000109\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-05T01:29:04.367\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.\"},{\"lang\":\"es\",\"value\":\"La vista Details personalizada del plugin OWASP Dependency-Check basado en Static Analysis Utilities era vulnerable a Cross-Site Scripting (XSS) persistente. Los usuarios maliciosos capaces de influenciar las entradas en este plugin podr\u00edan insertar HTML arbitrario en esta vista.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"FE428D65-2789-4FD0-AAAD-6B3C07BACC18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"94D1D9E7-451D-4756-B9A4-C9744DBC715D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"31E1C69C-C417-4339-B962-90D1E392EA92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"187EEC33-EF1B-4E56-8D06-9721E6EF6A38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"B1FFA96E-AB65-4427-8053-C15BBB991BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"0BDA7EAA-BA4A-486A-ABDC-B07E5C162B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"BB8439C6-DEE9-484F-A987-FD0139709891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"72496F9F-6392-46EA-9D40-99717775BCCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"94488F71-6068-4D40-A489-E7A7CE9B819C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"F7533C35-FC4A-4D53-BDDF-D877B05A038D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"7D78D0F6-DE89-4456-9AA6-E569F7DD39C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"5DC4746C-AA1F-4D9D-880C-76B42E253F45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"34B2D8CD-C621-4A0A-82BC-E1415FD26C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"856328A7-BD25-4905-9D49-9B8E9DA67196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"14959CAC-8561-4BC1-978E-6B6B60F9C78A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"D353EEE8-8C03-4F75-9A02-55F159E24B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"2532B713-4F03-40A5-8549-EC465EDB7558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"563C0CFF-CA00-4E66-B0EA-631084164BE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"2DB6D211-2140-44DA-94F5-F40E84F32FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"5CAC68EE-0509-4D50-85B6-D2143B31F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"982C152C-54B8-4CE7-AB3F-242A69451735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"CF2A2C18-D3F7-4E08-8D06-6083E63A8853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"2FE0020C-D1C4-4EA0-896E-D40301F7D54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"4DC56E2F-AFDE-46FF-A971-0071B13CD57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"7C655E9A-E4FB-4A93-A700-12E73CB158DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"BA82EB1F-223A-43A8-85FF-6BDEC57EC96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"EE5DFF68-55E3-474C-8AEC-9FA8FFEAB29B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"167B3711-E4F6-4F7A-A7D5-1AB306ABADAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"D9734E28-3E4D-441B-9A25-010AF22EF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"E0193375-C35E-4471-BFBF-323609286D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"A4714A4A-AB41-4E3B-B1FB-126876077209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"B32A175D-CC97-475E-BA84-0FD80190C550\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"43F2EBBF-ACC5-45B8-A05A-AD33A087E4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"CF8D99B6-078E-4CB7-9C15-309269C9475E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"76448741-A34E-40CC-B29C-3AA807D8DA1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"5F7DD792-C2AC-4C7D-B499-2139AEC95D9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"4B24A3BA-34F4-47C2-9102-72A7242C373D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"0FC17478-320A-40E5-A6A9-269B5B0E78FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"797EC1B7-B003-436A-A16D-38C17D24E7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"454D7BAC-360D-4484-9806-06398D7D81B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"C363C3E1-06CC-4241-8BDC-D897F1A36CA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"D30FA350-D520-4569-87C3-DCAD6B476932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"CAA3F171-2461-4AB1-B943-158C397917EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"6AAF4F60-365C-45B2-A35A-4249E24741FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"5ABC369B-7051-447F-8BAA-54E5A25CB489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"6BA1E839-43E6-400A-9848-8A56FB8B87E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"8ABF8C5E-4131-4C53-86B8-B44D65749C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"9A5F226A-69A0-43E3-8F1F-B332C5BDFCA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"435597BF-F804-4A1E-A781-AEB432A5B5FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"C111631F-92EC-4F0F-AD09-7DE270A5C1B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"D926C362-4745-4D29-8C35-E558D8DC976A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100227\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jenkins.io/security/advisory/2017-08-07/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jenkins.io/security/advisory/2017-08-07/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2017-1000109

Vulnerability from fkie_nvd - Published: 2017-10-05 01:29 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/100227	Third Party Advisory, VDB Entry
cve@mitre.org	https://jenkins.io/security/advisory/2017-08-07/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100227	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jenkins.io/security/advisory/2017-08-07/	Vendor Advisory

Impacted products

Vendor	Product	Version
jenkins	owasp_dependency-check	1.0.1
jenkins	owasp_dependency-check	1.0.1.1
jenkins	owasp_dependency-check	1.0.2
jenkins	owasp_dependency-check	1.0.3
jenkins	owasp_dependency-check	1.0.4
jenkins	owasp_dependency-check	1.0.4.1
jenkins	owasp_dependency-check	1.0.5
jenkins	owasp_dependency-check	1.0.7
jenkins	owasp_dependency-check	1.0.8
jenkins	owasp_dependency-check	1.1.0
jenkins	owasp_dependency-check	1.1.1
jenkins	owasp_dependency-check	1.1.1.1
jenkins	owasp_dependency-check	1.1.1.2
jenkins	owasp_dependency-check	1.1.2
jenkins	owasp_dependency-check	1.1.3
jenkins	owasp_dependency-check	1.1.4
jenkins	owasp_dependency-check	1.1.4.1
jenkins	owasp_dependency-check	1.2.0
jenkins	owasp_dependency-check	1.2.1
jenkins	owasp_dependency-check	1.2.2
jenkins	owasp_dependency-check	1.2.3
jenkins	owasp_dependency-check	1.2.3.1
jenkins	owasp_dependency-check	1.2.3.2
jenkins	owasp_dependency-check	1.2.4
jenkins	owasp_dependency-check	1.2.5
jenkins	owasp_dependency-check	1.2.6
jenkins	owasp_dependency-check	1.2.7
jenkins	owasp_dependency-check	1.2.7.1
jenkins	owasp_dependency-check	1.2.8
jenkins	owasp_dependency-check	1.2.9
jenkins	owasp_dependency-check	1.2.10
jenkins	owasp_dependency-check	1.2.11
jenkins	owasp_dependency-check	1.2.11.1
jenkins	owasp_dependency-check	1.3.0
jenkins	owasp_dependency-check	1.3.1
jenkins	owasp_dependency-check	1.3.1.1
jenkins	owasp_dependency-check	1.3.1.2
jenkins	owasp_dependency-check	1.3.2
jenkins	owasp_dependency-check	1.3.3
jenkins	owasp_dependency-check	1.3.4
jenkins	owasp_dependency-check	1.3.5
jenkins	owasp_dependency-check	1.3.6
jenkins	owasp_dependency-check	1.4.0
jenkins	owasp_dependency-check	1.4.1
jenkins	owasp_dependency-check	1.4.2
jenkins	owasp_dependency-check	1.4.3
jenkins	owasp_dependency-check	1.4.4
jenkins	owasp_dependency-check	1.4.5
jenkins	owasp_dependency-check	2.0.0
jenkins	owasp_dependency-check	2.0.1
jenkins	owasp_dependency-check	2.0.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "FE428D65-2789-4FD0-AAAD-6B3C07BACC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "94D1D9E7-451D-4756-B9A4-C9744DBC715D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "31E1C69C-C417-4339-B962-90D1E392EA92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "187EEC33-EF1B-4E56-8D06-9721E6EF6A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B1FFA96E-AB65-4427-8053-C15BBB991BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0BDA7EAA-BA4A-486A-ABDC-B07E5C162B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BB8439C6-DEE9-484F-A987-FD0139709891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "72496F9F-6392-46EA-9D40-99717775BCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "94488F71-6068-4D40-A489-E7A7CE9B819C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F7533C35-FC4A-4D53-BDDF-D877B05A038D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7D78D0F6-DE89-4456-9AA6-E569F7DD39C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5DC4746C-AA1F-4D9D-880C-76B42E253F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "34B2D8CD-C621-4A0A-82BC-E1415FD26C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "856328A7-BD25-4905-9D49-9B8E9DA67196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "14959CAC-8561-4BC1-978E-6B6B60F9C78A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D353EEE8-8C03-4F75-9A02-55F159E24B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2532B713-4F03-40A5-8549-EC465EDB7558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "563C0CFF-CA00-4E66-B0EA-631084164BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2DB6D211-2140-44DA-94F5-F40E84F32FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5CAC68EE-0509-4D50-85B6-D2143B31F6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "982C152C-54B8-4CE7-AB3F-242A69451735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "CF2A2C18-D3F7-4E08-8D06-6083E63A8853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2FE0020C-D1C4-4EA0-896E-D40301F7D54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4DC56E2F-AFDE-46FF-A971-0071B13CD57F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7C655E9A-E4FB-4A93-A700-12E73CB158DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BA82EB1F-223A-43A8-85FF-6BDEC57EC96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "EE5DFF68-55E3-474C-8AEC-9FA8FFEAB29B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "167B3711-E4F6-4F7A-A7D5-1AB306ABADAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D9734E28-3E4D-441B-9A25-010AF22EF2CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E0193375-C35E-4471-BFBF-323609286D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A4714A4A-AB41-4E3B-B1FB-126876077209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B32A175D-CC97-475E-BA84-0FD80190C550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "43F2EBBF-ACC5-45B8-A05A-AD33A087E4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "CF8D99B6-078E-4CB7-9C15-309269C9475E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "76448741-A34E-40CC-B29C-3AA807D8DA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5F7DD792-C2AC-4C7D-B499-2139AEC95D9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4B24A3BA-34F4-47C2-9102-72A7242C373D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0FC17478-320A-40E5-A6A9-269B5B0E78FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "797EC1B7-B003-436A-A16D-38C17D24E7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "454D7BAC-360D-4484-9806-06398D7D81B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C363C3E1-06CC-4241-8BDC-D897F1A36CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D30FA350-D520-4569-87C3-DCAD6B476932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "CAA3F171-2461-4AB1-B943-158C397917EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6AAF4F60-365C-45B2-A35A-4249E24741FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5ABC369B-7051-447F-8BAA-54E5A25CB489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6BA1E839-43E6-400A-9848-8A56FB8B87E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "8ABF8C5E-4131-4C53-86B8-B44D65749C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "9A5F226A-69A0-43E3-8F1F-B332C5BDFCA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "435597BF-F804-4A1E-A781-AEB432A5B5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C111631F-92EC-4F0F-AD09-7DE270A5C1B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D926C362-4745-4D29-8C35-E558D8DC976A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view."
    },
    {
      "lang": "es",
      "value": "La vista Details personalizada del plugin OWASP Dependency-Check basado en Static Analysis Utilities era vulnerable a Cross-Site Scripting (XSS) persistente. Los usuarios maliciosos capaces de influenciar las entradas en este plugin podr\u00edan insertar HTML arbitrario en esta vista."
    }
  ],
  "id": "CVE-2017-1000109",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-05T01:29:04.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-08-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-08-07/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-28764

Vulnerability from cnvd - Published: 2017-09-29

Title

Jenkins OWASP Dependency-Check插件HTML注入漏洞

Description

CloudBees Jenkins（前称Hudson Labs）是美国CloudBees公司的一套基于Java开发的持续集成工具，它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。OWASP Dependency-Check Plugin是其中的一个依赖关系检测插件。 Jenkins OWASP Dependency-Check插件2.0.1.1及之前的版本中存在HTML注入漏洞，该漏洞源于程序未能正确的过滤用户提交的输入。远程攻击者可利用该漏洞在受影响应用程序的上下文中执行任意的HTML和脚本代码，可能窃取基于cookie的身份验证证书或控制页面呈现的方式。

Severity

中

Patch Name

Jenkins OWASP Dependency-Check插件HTML注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://jenkins.io/security/advisory/2017-08-07/

Reference

https://jenkins.io/security/advisory/2017-08-07/

Impacted products

Name
['Jenkins CI Jenkins 16', 'CloudBees Jenkins OWASP Dependency-Check <=2.0.1.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1000109"
    }
  },
  "description": "CloudBees Jenkins\uff08\u524d\u79f0Hudson Labs\uff09\u662f\u7f8e\u56fdCloudBees\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002OWASP Dependency-Check Plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f9d\u8d56\u5173\u7cfb\u68c0\u6d4b\u63d2\u4ef6\u3002\r\n\r\nJenkins OWASP Dependency-Check\u63d2\u4ef62.0.1.1\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u7684HTML\u548c\u811a\u672c\u4ee3\u7801\uff0c\u53ef\u80fd\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bc1\u4e66\u6216\u63a7\u5236\u9875\u9762\u5448\u73b0\u7684\u65b9\u5f0f\u3002",
  "discovererName": "CloudBees",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://jenkins.io/security/advisory/2017-08-07/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-28764",
  "openTime": "2017-09-29",
  "patchDescription": "CloudBees Jenkins\uff08\u524d\u79f0Hudson Labs\uff09\u662f\u7f8e\u56fdCloudBees\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002OWASP Dependency-Check Plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f9d\u8d56\u5173\u7cfb\u68c0\u6d4b\u63d2\u4ef6\u3002\r\n\r\nJenkins OWASP Dependency-Check\u63d2\u4ef62.0.1.1\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u7684HTML\u548c\u811a\u672c\u4ee3\u7801\uff0c\u53ef\u80fd\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bc1\u4e66\u6216\u63a7\u5236\u9875\u9762\u5448\u73b0\u7684\u65b9\u5f0f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Jenkins OWASP Dependency-Check\u63d2\u4ef6HTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Jenkins CI Jenkins 16",
      "CloudBees Jenkins OWASP Dependency-Check \u003c=2.0.1.1"
    ]
  },
  "referenceLink": "https://jenkins.io/security/advisory/2017-08-07/",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-17",
  "title": "Jenkins OWASP Dependency-Check\u63d2\u4ef6HTML\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2017-1000109

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-1000109

Aliases

CVE-2017-1000109

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1000109",
    "description": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.",
    "id": "GSD-2017-1000109",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-1000109.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1000109"
      ],
      "details": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.",
      "id": "GSD-2017-1000109",
      "modified": "2023-12-13T01:21:02.109268Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "DATE_ASSIGNED": "2017-08-22T17:29:33.322861",
        "ID": "CVE-2017-1000109",
        "REQUESTER": "ml@beckweb.net",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100227",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100227"
          },
          {
            "name": "https://jenkins.io/security/advisory/2017-08-07/",
            "refsource": "CONFIRM",
            "url": "https://jenkins.io/security/advisory/2017-08-07/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.0.1,1.0.1.1],[1.0.2,1.0.4.1],[1.0.5],[1.0.7,1.0.8],[1.1.0,1.1.1.2], [1.1.2,1.1.4.1],[1.2.0,1.2.3.2],[1.2.4,1.2.7.1],[1.2.8,1.2.11.1],[1.3.0,1.3.1.2], [1.3.2,1.3.6],[1.4.0,1.4.5],[2.0.0,2.0.1.1]",
          "affected_versions": "All versions starting from 1.0.1 up to 1.0.1.1, all versions starting from 1.0.2 up to 1.0.4.1, version 1.0.5, all versions starting from 1.0.7 up to 1.0.8, all versions starting from 1.1.0 up to 1.1.1.2, all versions starting from 1.1.2 up to 1.1.4.1, all versions starting from 1.2.0 up to 1.2.3.2, all versions starting from 1.2.4 up to 1.2.7.1, all versions starting from 1.2.8 up to 1.2.11.1, all versions starting from 1.3.0 up to 1.3.1.2, all versions starting from 1.3.2 up to 1.3.6, all versions starting from 1.4.0 up to 1.4.5, all versions starting from 2.0.0 up to 2.0.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2017-10-19",
          "description": "The OWASP Dependency-Check Plugin is vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.",
          "fixed_versions": [
            "2.1"
          ],
          "identifier": "CVE-2017-1000109",
          "identifiers": [
            "CVE-2017-1000109"
          ],
          "not_impacted": "All versions before 1.0.1, all versions after 1.0.1.1 before 1.0.2, all versions after 1.0.4.1 before 1.0.5, all versions after 1.0.5 before 1.0.7, all versions after 1.0.8 before 1.1.0, all versions after 1.1.1.2 before 1.1.2, all versions after 1.1.4.1 before 1.2.0, all versions after 1.2.3.2 before 1.2.4, all versions after 1.2.7.1 before 1.2.8, all versions after 1.2.11.1 before 1.3.0, all versions after 1.3.1.2 before 1.3.2, all versions after 1.3.6 before 1.4.0, all versions after 1.4.5 before 2.0.0, all versions after 2.0.1.1",
          "package_slug": "maven/org.jenkins-ci.plugins/dependency-check-jenkins-plugin",
          "pubdate": "2017-10-05",
          "solution": "Upgrade to version 2.1 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-1000109",
            "http://www.securityfocus.com/bid/100227",
            "https://jenkins.io/security/advisory/2017-08-07/"
          ],
          "uuid": "7c182444-9049-4eca-b451-c31b64b9abdb"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-1000109"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2017-08-07/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://jenkins.io/security/advisory/2017-08-07/"
            },
            {
              "name": "100227",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100227"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-10-19T20:52Z",
      "publishedDate": "2017-10-05T01:29Z"
    }
  }
}

GHSA-65CQ-WHR4-7C2V

Vulnerability from github – Published: 2022-05-17 00:32 – Updated: 2024-01-30 22:33

Summary

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.1.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:dependency-check-jenkins-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1000109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:33:48Z",
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.",
  "id": "GHSA-65cq-whr4-7c2v",
  "modified": "2024-01-30T22:33:48Z",
  "published": "2022-05-17T00:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000109"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2017-08-07"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1000109 (GCVE-0-2017-1000109)

FKIE_CVE-2017-1000109

CNVD-2017-28764

GSD-2017-1000109

GHSA-65CQ-WHR4-7C2V

Tags

Sightings

Nomenclature