CVE-2013-2033 — Jenkins vulnerable to Cross-site Scripting

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

How to fix CVE-2013-2033

To remediate CVE-2013-2033, upgrade the affected package to a fixed version below.

Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.509.1 or later

Is CVE-2013-2033 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.509.1

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-2033
WEBaccess.redhat.com/errata/RHEA-2013:1032
WEBaccess.redhat.com/security/cve/CVE-2013-2033
WEBbugzilla.redhat.com/show_bug.cgi?id=958957
WEB