Medium severity 4.7 · NVD Advisory · Published Dec 6, 2017 · Updated May 13, 2026
CVE-2017-17383
Description
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.main:jenkins-core (Maven) | < 2.94 | 2.94 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (6)
- vsintelli.com/portal/blog/23-security-advisory-2017-12-04 (nvd; Third Party Advisory; WEB)
- www.securityfocus.com/bid/102130 (nvd; Third Party Advisory; VDB Entry; WEB)
- github.com/advisories/GHSA-x3rc-cxv7-6xp6 (ghsa; ADVISORY)
- jenkins.io/security/advisory/2017-12-05/ (nvd; Vendor Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-17383 (ghsa; ADVISORY)
- jenkins.io/security/advisory/2017-12-05 (ghsa; WEB)