CVE-2011-4344: Jenkins allows Cross-Site Scripting (XSS)

May 17, 2022 (updated March 13, 2025)

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

References

github.com/advisories/GHSA-q3rp-555r-hh6r
github.com/jenkinsci/jenkins
github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch
nvd.nist.gov/vuln/detail/CVE-2011-4344
web.archive.org/web/20200229031004/https://www.securityfocus.com/bid/50786

Detect and mitigate CVE-2011-4344 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →