CVE-2014-2067

Description

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."

How to fix CVE-2014-2067

To remediate CVE-2014-2067, upgrade the affected package to a fixed version below.

• Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.551 or later

Is CVE-2014-2067 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 1.533, < 1.551

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-2067
• PATCHgithub.com/jenkinsci/jenkins
• WEBseclists.org/oss-sec/2014/q1/421
• WEBexchange.xforce.ibmcloud.com/vulnerabilities/91354
• WEB