CVE-2018-1000129 — Cross-site Scripting in Jolokia agent

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

How to fix CVE-2018-1000129

To remediate CVE-2018-1000129, upgrade the affected package to a fixed version below.

Maven/org.jolokia:jolokia-core—upgrade to 1.5.0 or later

Is CVE-2018-1000129 being exploited?

Likely — EPSS is 76.8%, placing CVE-2018-1000129 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

>= 1.3.7, < 1.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1000129
PATCHgithub.com/rhuss/jolokia
WEBaccess.redhat.com/errata/RHSA-2018:2669
WEBaccess.redhat.com/errata/RHSA-2018:3817
WEB