{"id":"CVE-2018-1000415","details":"A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.","aliases":["GHSA-7m8v-w6f9-q2f9"],"modified":"2026-04-10T04:03:24.551720Z","published":"2019-01-09T23:29:02.577Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106532"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/rebuild-plugin","events":[{"introduced":"0"},{"last_affected":"bfca6459d2f9d285d48193fa6d5a3225dc408cf1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.28"}]}}],"versions":["rebuild-1.10","rebuild-1.11","rebuild-1.12","rebuild-1.13","rebuild-1.14","rebuild-1.15","rebuild-1.16","rebuild-1.17","rebuild-1.18","rebuild-1.19","rebuild-1.20","rebuild-1.21","rebuild-1.22","rebuild-1.23","rebuild-1.24","rebuild-1.25","rebuild-1.27","rebuild-1.28","rebuild-1.5","rebuild-1.6","rebuild-1.7","rebuild-1.8","rebuild-1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000415.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}