CVE-2017-1000109

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
References
Link Resource
http://www.securityfocus.com/bid/100227 Third Party Advisory VDB Entry
https://jenkins.io/security/advisory/2017-08-07/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*

History

No history.

Information

Published : 2017-10-05 01:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-1000109

Mitre link : CVE-2017-1000109

CVE.ORG link : CVE-2017-1000109


JSON object : View

Products Affected

jenkins

  • owasp_dependency-check
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')