Vulnerability Details CVE-2016-3101
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2016-3101
-
cpe:2.3:a:jenkins:extra_columns:1.0
-
cpe:2.3:a:jenkins:extra_columns:1.1
-
cpe:2.3:a:jenkins:extra_columns:1.10
-
cpe:2.3:a:jenkins:extra_columns:1.11
-
cpe:2.3:a:jenkins:extra_columns:1.12
-
cpe:2.3:a:jenkins:extra_columns:1.13
-
cpe:2.3:a:jenkins:extra_columns:1.14
-
cpe:2.3:a:jenkins:extra_columns:1.15
-
cpe:2.3:a:jenkins:extra_columns:1.16
-
cpe:2.3:a:jenkins:extra_columns:1.2
-
cpe:2.3:a:jenkins:extra_columns:1.3
-
cpe:2.3:a:jenkins:extra_columns:1.4
-
cpe:2.3:a:jenkins:extra_columns:1.5
-
cpe:2.3:a:jenkins:extra_columns:1.6
-
cpe:2.3:a:jenkins:extra_columns:1.7
-
cpe:2.3:a:jenkins:extra_columns:1.8
-
cpe:2.3:a:jenkins:extra_columns:1.9