Medium severity6.1NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026
CVE-2017-1000109
CVE-2017-1000109
Description
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:dependency-check-jenkins-pluginMaven | < 2.0.1.2 | 2.0.1.2 |
Affected products
51cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*+ 50 more
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.3:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.4:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.5:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:2.0.0:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:2.0.1.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.1.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.3:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.4.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.5:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.7:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.0.8:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.0:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.1.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.3:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.1.4.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.0:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.3.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.4:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.5:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.6:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.7.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.8:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.9:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.10:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.2.11.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.0:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.1:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.1.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.2:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.3:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.4:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.5:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.3.6:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.0:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:owasp_dependency-check:1.4.1:*:*:*:*:jenkins:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.securityfocus.com/bid/100227nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-65cq-whr4-7c2vghsaADVISORY
- jenkins.io/security/advisory/2017-08-07/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-1000109ghsaADVISORY
- jenkins.io/security/advisory/2017-08-07ghsaWEB
News mentions
0No linked articles in our index yet.