Global Build Stats Plugin for Jenkins is prone to multiple security vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and perform unauthorized actions within the context of the vulnerable application.
Exploit
To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
References:
- Global Build Stats Plugin Homepage (Jenkins)
- Jenkins CI Homepage (Jenkins CI)
- Jenkins Security Advisory 2017-10-23 (Jenkins)