A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2019/07/11/4 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/109156 | Broken Link Third Party Advisory VDB Entry |
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2019-07-11T13:55:17
Updated: 2023-10-24T16:47:53.485Z
Reserved: 2019-03-29T00:00:00
Link: CVE-2019-10349
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-11T14:15:10.960
Modified: 2023-10-25T18:16:17.447
Link: CVE-2019-10349
JSON object: View
Redhat Information
No data.
CWE