CVE-2015-5326: Jenkins allows Cross-Site Scripting (XSS)

May 13, 2022 (updated March 13, 2025)

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

References

access.redhat.com/errata/RHSA-2016:0070
github.com/advisories/GHSA-5mwr-jg3r-jv66
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
nvd.nist.gov/vuln/detail/CVE-2015-5326
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Detect and mitigate CVE-2015-5326 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →