vulnerability

Jenkins Advisory 2018-05-09: CVE-2018-1000202: Persisted cross-site scripting vulnerability in Groovy Postbuild Plugin

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jun 5, 2018	Jan 21, 2019	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jun 5, 2018

Added

Jan 21, 2019

Modified

Aug 11, 2025

Description

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Solutions

jenkins-lts-upgrade-2_107_3jenkins-upgrade-2_121

References

CVE-2018-100020
https://attackerkb.com/topics/CVE-2018-100020
CWE-79
URL-https://jenkins.io/security/advisory/2018-05-09/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today