Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulnerability (SECURITY-624) (deprecated)

medium Nessus Plugin ID 105293


The Jenkins software installed on the remote host is affected by a cross-site scripting vulnerability.


The Jenkins advisory 2018-01-22 has been updated to note that this vulnerability is specific to the Ant plugin, which cannot be accurately detected remotely with this plugin. Thus, this plugin has been deprecated.

Plugin Details

Severity: Medium

ID: 105293

File Name: jenkins_security624.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 12/15/2017

Updated: 8/6/2018

Risk Information


Risk Factor: Low

Score: 3.0


Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N


Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins

Required KB Items: www/Jenkins

Vulnerability Publication Date: 12/5/2017

Reference Information

CVE: CVE-2017-17383

BID: 102130