CVE-2018-1000415
Description
Jenkins Rebuilder Plugin 1.28 and earlier is vulnerable to stored XSS in rebuild forms, allowing users with Job/Configuration permission to inject arbitrary HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in Jenkins Rebuilder Plugin version 1.28 and earlier. The issue is located in multiple Jelly views under RebuildAction/, including BooleanParameterValue.jelly, ExtendedChoiceParameterValue.jelly, FileParameterValue.jelly, LabelParameterValue.jelly, ListSubversionTagsParameterValue.jelly, MavenMetadataParameterValue.jelly, NodeParameterValue.jelly, PasswordParameterValue.jelly, RandomStringParameterValue.jelly, RunParameterValue.jelly, StringParameterValue.jelly, TextParameterValue.jelly, and ValidatingStringParameterValue.jelly [1][2]. These views fail to properly escape user-controlled parameter names and descriptions, allowing injection of arbitrary HTML into rebuild forms.
Exploitation
An attacker must have Job/Configuration permission in Jenkins to exploit this vulnerability. With this permission, the attacker can craft malicious input for parameter names or descriptions that contain HTML or JavaScript code. When a user with higher privileges (such as Job/Build) triggers the rebuild functionality, the injected code is rendered in the rebuild form, leading to stored XSS [1]. The fix commit shows changes that escape output and enable the escapeEntryTitleAndDescription option [3].
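An added example, not code from the plugin or the advisory: a Python audit that flags `f:entry` title/description attributes in Jelly views that still pass raw `${...}` expressions, the pattern the fix commit replaces. The function names and sample strings are constructed here, and the script assumes that `escapeEntryTitleAndDescription` set to `true` makes `f:entry` escape both attributes itself.

```python
import re
from pathlib import Path

ENTRY_RE = re.compile(r"<f:entry\b([^>]*)>", re.S)           # opening f:entry tag
ATTR_RE = re.compile(r'\b(title|description)\s*=\s*"([^"]*)"')
EXPR_RE = re.compile(r"\$\{([^}]*)\}")                        # ${...} expressions
FLAG_RE = re.compile(
    r'<j:set\s+var="escapeEntryTitleAndDescription"\s+value="(true|false)"')

def _is_escaped(expr):
    # The two expression shapes the fix commit switches to.
    return expr.startswith("h.escape(") or expr.endswith(".formattedDescription")

def audit_jelly(source):
    """Return (attribute, expression) pairs that reach f:entry unescaped."""
    flag = FLAG_RE.search(source)
    # Assumption: value="true" makes f:entry escape both attributes itself.
    entry_escapes = bool(flag and flag.group(1) == "true")
    findings = []
    for entry in ENTRY_RE.finditer(source):
        for attr, value in ATTR_RE.findall(entry.group(1)):
            for expr in (e.strip() for e in EXPR_RE.findall(value)):
                if not (entry_escapes or _is_escaped(expr)):
                    findings.append((attr, expr))
    return findings

def audit_tree(root):
    """Audit every *.jelly file under root; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.jelly")):
        findings = audit_jelly(path.read_text(encoding="utf-8"))
        if findings:
            report[str(path.relative_to(root))] = findings
    return report

# Constructed samples: the removed and added f:entry lines from the diff on this page.
BEFORE = '<f:entry title="${it.name}" description="${it.description}">'
AFTER = ('<j:set var="escapeEntryTitleAndDescription" value="false"/>\n'
         '<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">')

if __name__ == "__main__":
    for label, view in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_jelly(view))
```

Point `audit_tree` at a plugin's `src/main/resources` directory to list views that still need the same treatment; a hit is a prompt for manual review, not proof of a vulnerability.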
Impact
Successful exploitation allows an attacker to inject arbitrary HTML or JavaScript into the Jenkins interface. This can lead to disclosure of sensitive information, session hijacking, or other actions performed in the context of the victim user's session, potentially compromising the Jenkins instance and its managed jobs.
Mitigation
The fix was released in Rebuilder Plugin version 1.29. Users should upgrade to version 1.29 or later to remediate the vulnerability [1][3]. As of the advisory date (2018-09-25), no workarounds are documented. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.sonyericsson.hudson.plugins.rebuild:rebuild (Maven) | < 1.29 | 1.29 |
Affected products
- Range: rebuild-1.10, rebuild-1.11, rebuild-1.12, …
Patches
3a4ca33a45fa [SECURITY-130]
16 files changed · +30 −16
pom.xml+3 −2 modified@@ -10,8 +10,9 @@ <relativePath /> </parent> <properties> - <jenkins.version>1.642.3</jenkins.version> + <jenkins.version>2.32.2</jenkins.version> <java.level>7</java.level> + <findbugs.failOnError>false</findbugs.failOnError> </properties> <groupId>com.sonyericsson.hudson.plugins.rebuild</groupId> <artifactId>rebuild</artifactId> @@ -151,4 +152,4 @@ <url>http://github.com/jenkinsci/rebuild-plugin</url> <tag>HEAD</tag> </scm> -</project> \ No newline at end of file +</project>
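Review bot: In the `<properties>` hunk of pom.xml, the security fix is bundled with a baseline bump (`jenkins.version` from 1.642.3 to 2.32.2) and with `findbugs.failOnError` set to `false`. The bump means instances on a core older than 2.32.2 cannot install the fixed release, which deserves a line in the release notes, and switching off FindBugs failures in the same commit hides whatever findings the new baseline surfaced. Suggest moving both to their own commit, or at least stating in the commit message why each is needed for SECURITY-130.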
src/main/java/com/sonyericsson/rebuild/RebuildParameterProvider.java+1 −1 modified@@ -47,7 +47,7 @@ * Don't forget to return <code>null</code> for parameter values * other than your custom {@link ParameterValue}. * There are two recommended ways to set values to {@link RebuildParameterPage}: - * <table> + * <table summary="Recommended ways to set values"> * <tr> * <th> </th> * <th>Recommended 1</th>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/BooleanParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:checkbox name="value" checked="${it.value}"/>
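Review bot: On the new `<j:set var="escapeEntryTitleAndDescription" value="false"/>` line in BooleanParameterValue.jelly, the view sets the flag to false and relies on `h.escape(it.name)` plus `it.formattedDescription` instead, so the description is only as safe as whatever `formattedDescription` returns, which this diff does not show. Please add a comment saying why the flag is false, and confirm that the unchanged `<div name="parameter" description="${it.description}">` and `value="${it.name}"` attributes in the context lines are covered by the view's default escaping. The same edit is repeated in eleven other RebuildAction views in this commit, so the comment applies to each of them.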
src/main/resources/com/sonyericsson/rebuild/RebuildAction/ExtendedChoiceParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="value" value="${it.value}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/FileParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter"> <input type="hidden" name="name" value="${it.name}"/> <input name="file" type="file" jsonAware="true"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/LabelParameterValue.jelly+2 −1 modified@@ -3,7 +3,8 @@ <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="label" value="${it.label}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/ListSubversionTagsParameterValue.jelly+1 −1 modified@@ -26,7 +26,7 @@ <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}"> + <f:entry title="${h.escape(it.name)}"> <div name="parameter"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="tag" value="${it.tag}"/>
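Review bot: ListSubversionTagsParameterValue.jelly escapes the title with `h.escape(it.name)` but, unlike the other RebuildAction views in this commit, does not set `escapeEntryTitleAndDescription`. Whether the title ends up escaped once or twice then depends on a value inherited from the enclosing view. Add the same `<j:set var="escapeEntryTitleAndDescription" value="false"/>` line here, or note why this view is different.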
src/main/resources/com/sonyericsson/rebuild/RebuildAction/MavenMetadataParameterValue.jelly+2 −1 modified@@ -38,7 +38,8 @@ THE SOFTWARE. <j:set var="pdp" value="${build.getProject().getProperty(paramDefPro)}"/> <j:set var="pname" value="${it.name}"/> <j:set var="pd" value="${pdp.getParameterDefinition(pname)}"/> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <input type="hidden" name="groupId" value="${pd.groupId}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/NodeParameterValue.jelly+2 −1 modified@@ -3,7 +3,8 @@ <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="label" value="${it.label}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/PasswordParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <j:choose>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/RandomStringParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="value" value="${it.value}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/RunParameterValue.jelly+2 −1 modified@@ -38,7 +38,8 @@ THE SOFTWARE. <j:set var="pdp" value="${build.parent.getProperty(paramDefPro)}"/> <j:set var="pname" value="${it.name}"/> <j:set var="pd" value="${pdp.getParameterDefinition(pname)}"/> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <select name="runId">
src/main/resources/com/sonyericsson/rebuild/RebuildAction/StringParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="value" value="${it.value}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/TextParameterValue.jelly+2 −1 modified@@ -28,7 +28,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textarea name="value" value="${it.value}"/>
src/main/resources/com/sonyericsson/rebuild/RebuildAction/ValidatingStringParameterValue.jelly+2 −1 modified@@ -33,7 +33,8 @@ THE SOFTWARE. <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project"> - <f:entry title="${it.name}" description="${it.description}"> + <j:set var="escapeEntryTitleAndDescription" value="false"/> + <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"> <div name="parameter" description="${it.description}"> <input type="hidden" name="name" value="${it.name}"/> <f:textbox name="value" value="${it.value}"/>
src/test/java/com/sonyericsson/rebuild/RebuildValidatorTest.java+1 −0 modified@@ -181,6 +181,7 @@ public void testWhenProjectWithoutParamsThenRebuildProjectAvailable() */ public void testWhenProjectWithNoParamsDefinedThenRebuildofBuildWithParamsShouldShowParams() throws Exception { + System.setProperty("hudson.model.ParametersAction.keepUndefinedParameters", "true"); FreeStyleProject project = createFreeStyleProject(); // Build (#1)
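Review bot: In `testWhenProjectWithNoParamsDefinedThenRebuildofBuildWithParamsShouldShowParams`, `System.setProperty("hudson.model.ParametersAction.keepUndefinedParameters", "true")` is never restored, so it leaks into every later test in the same JVM; save the previous value and reset it in a `finally` block or a tear-down method. Separately, this is the only test change among the 16 files: nothing asserts that a parameter name or description containing markup is rendered escaped in the rebuild form, so a regression test for that is worth adding.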
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-7m8v-w6f9-q2f9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1000415 (ghsa, ADVISORY)
- www.securityfocus.com/bid/106532 (ghsa, vdb-entry, x_refsource_BID, WEB)
- github.com/jenkinsci/rebuild-plugin/commit/3a4ca33a45fa048c9ab7b7082f87e72c0df848cb (ghsa, WEB)
- jenkins.io/security/advisory/2018-09-25/ (ghsa, x_refsource_CONFIRM, WEB)