CVE-2016-4988
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Severity: 6.1 MEDIUM (CVSS 3.1); EPSS 0.09%
Description
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
How to fix CVE-2016-4988
To remediate CVE-2016-4988, upgrade the affected package to a fixed version below.
- Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer—upgrade to 1.16.0 or later
Is CVE-2016-4988 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer: version range >= 0, < 1.16.0 (every release before 1.16.0)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.1) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |