CVE-2017-1000404: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 14, 2022 (updated December 12, 2022)

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter ‘fullscreen’ in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.

References

www.securityfocus.com/bid/101927
github.com/advisories/GHSA-g364-c7w5-93wh
jenkins.io/security/advisory/2017-11-16/
nvd.nist.gov/vuln/detail/CVE-2017-1000404

Detect and mitigate CVE-2017-1000404 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →