Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Nov 2017 08:27:16 +0100
From: Daniel Beck <ml@...kweb.net>
To: oss-security@...ts.openwall.com
Subject: Re: Reflected Cross-Site Scripting Vulnerability in
 Jenkins Delivery Pipeline Plugin


> On 16. Nov 2017, at 16:23, Daniel Beck <ml@...kweb.net> wrote:
> 
> SECURITY-640
> Delivery Pipeline Plugin used the unescaped content of the query parameter 
> `fullscreen` in its JavaScript, resulting in a cross-site scripting 
> vulnerability through specially crafted URLs.


CVE-2017-1000404

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.