Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2011-4344
Last Modified 12 Dec 2011 11:09:27
Published 01 Dec 2011 06:55:07
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-4344

Summary

Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Vulnerable Systems

Application

  • Cloudbees Jenkins 1.301

  • Cloudbees Jenkins 1.302

  • Cloudbees Jenkins 1.303

  • Cloudbees Jenkins 1.304

  • Cloudbees Jenkins 1.305

  • Cloudbees Jenkins 1.306

  • Cloudbees Jenkins 1.307

  • Cloudbees Jenkins 1.308

  • Cloudbees Jenkins 1.309

  • Cloudbees Jenkins 1.310

  • Cloudbees Jenkins 1.311

  • Cloudbees Jenkins 1.312

  • Cloudbees Jenkins 1.313

  • Cloudbees Jenkins 1.314

  • Cloudbees Jenkins 1.315

  • Cloudbees Jenkins 1.316

  • Cloudbees Jenkins 1.317

  • Cloudbees Jenkins 1.318

  • Cloudbees Jenkins 1.319

  • Cloudbees Jenkins 1.320

  • Cloudbees Jenkins 1.321

  • Cloudbees Jenkins 1.322

  • Cloudbees Jenkins 1.323

  • Cloudbees Jenkins 1.324

  • Cloudbees Jenkins 1.325

  • Cloudbees Jenkins 1.326

  • Cloudbees Jenkins 1.327

  • Cloudbees Jenkins 1.328

  • Cloudbees Jenkins 1.329

  • Cloudbees Jenkins 1.330

  • Cloudbees Jenkins 1.331

  • Cloudbees Jenkins 1.332

  • Cloudbees Jenkins 1.333

  • Cloudbees Jenkins 1.334

  • Cloudbees Jenkins 1.335

  • Cloudbees Jenkins 1.336

  • Cloudbees Jenkins 1.337

  • Cloudbees Jenkins 1.338

  • Cloudbees Jenkins 1.339

  • Cloudbees Jenkins 1.340

  • Cloudbees Jenkins 1.341

  • Cloudbees Jenkins 1.342

  • Cloudbees Jenkins 1.343

  • Cloudbees Jenkins 1.344

  • Cloudbees Jenkins 1.345

  • Cloudbees Jenkins 1.346

  • Cloudbees Jenkins 1.347

  • Cloudbees Jenkins 1.348

  • Cloudbees Jenkins 1.349

  • Cloudbees Jenkins 1.350

  • Cloudbees Jenkins 1.351

  • Cloudbees Jenkins 1.352

  • Cloudbees Jenkins 1.353

  • Cloudbees Jenkins 1.354

  • Cloudbees Jenkins 1.355

  • Cloudbees Jenkins 1.356

  • Cloudbees Jenkins 1.357

  • Cloudbees Jenkins 1.358

  • Cloudbees Jenkins 1.359

  • Cloudbees Jenkins 1.360

  • Cloudbees Jenkins 1.361

  • Cloudbees Jenkins 1.362

  • Cloudbees Jenkins 1.363

  • Cloudbees Jenkins 1.364

  • Cloudbees Jenkins 1.365

  • Cloudbees Jenkins 1.366

  • Cloudbees Jenkins 1.367

  • Cloudbees Jenkins 1.368

  • Cloudbees Jenkins 1.369

  • Cloudbees Jenkins 1.370

  • Cloudbees Jenkins 1.371

  • Cloudbees Jenkins 1.372

  • Cloudbees Jenkins 1.373

  • Cloudbees Jenkins 1.374

  • Cloudbees Jenkins 1.375

  • Cloudbees Jenkins 1.376

  • Cloudbees Jenkins 1.377

  • Cloudbees Jenkins 1.378

  • Cloudbees Jenkins 1.379

  • Cloudbees Jenkins 1.380

  • Cloudbees Jenkins 1.382

  • Cloudbees Jenkins 1.383

  • Cloudbees Jenkins 1.384

  • Cloudbees Jenkins 1.386

  • Cloudbees Jenkins 1.387

  • Cloudbees Jenkins 1.388

  • Cloudbees Jenkins 1.389

  • Cloudbees Jenkins 1.390

  • Cloudbees Jenkins 1.391

  • Cloudbees Jenkins 1.392

  • Cloudbees Jenkins 1.393

  • Cloudbees Jenkins 1.394

  • Cloudbees Jenkins 1.395

  • Cloudbees Jenkins 1.396

  • Cloudbees Jenkins 1.397

  • Cloudbees Jenkins 1.398

  • Cloudbees Jenkins 1.399

  • Cloudbees Jenkins 1.400

  • Cloudbees Jenkins 1.401

  • Cloudbees Jenkins 1.402

  • Cloudbees Jenkins 1.403

  • Cloudbees Jenkins 1.404

  • Cloudbees Jenkins 1.405

  • Cloudbees Jenkins 1.406

  • Cloudbees Jenkins 1.407

  • Cloudbees Jenkins 1.408

  • Cloudbees Jenkins 1.409

  • Cloudbees Jenkins 1.409.1

  • Cloudbees Jenkins 1.409.2

  • Cloudbees Jenkins 1.410

  • Cloudbees Jenkins 1.411

  • Cloudbees Jenkins 1.412

  • Cloudbees Jenkins 1.413

  • Cloudbees Jenkins 1.414

  • Cloudbees Jenkins 1.415

  • Cloudbees Jenkins 1.416

  • Cloudbees Jenkins 1.417

  • Cloudbees Jenkins 1.418

  • Cloudbees Jenkins 1.419

  • Cloudbees Jenkins 1.420

  • Cloudbees Jenkins 1.421

  • Cloudbees Jenkins 1.422

  • Cloudbees Jenkins 1.423

  • Cloudbees Jenkins 1.424

  • Cloudbees Jenkins 1.425

  • Cloudbees Jenkins 1.426

  • Cloudbees Jenkins 1.427

  • Cloudbees Jenkins 1.428

  • Cloudbees Jenkins 1.429

  • Cloudbees Jenkins 1.430

  • Cloudbees Jenkins 1.431

  • Cloudbees Jenkins 1.432

  • Cloudbees Jenkins 1.433

  • Cloudbees Jenkins 1.434

  • Cloudbees Jenkins 1.435

  • Cloudbees Jenkins 1.436

  • Cloudbees Jenkins 1.437

  • Cloudbees Jenkins 1.381


References

CONFIRM - https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch

CONFIRM - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb

MLIST - [oss-security] 20111123 Re: CVE request: jenkins

MLIST - [oss-security] 20111123 CVE request: jenkins

MLIST - [jenkinsci-advisories] 20111109 Security advisory in Jenkins Core

BID - 50786

SECUNIA - 46911


Last Updated: 27 May 2016 10:57:51