CVE-2019-1003050
Published 2019-04-10
Medium 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | <= 2.164.1 | — |
| jenkins | jenkins | <= 2.171 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins_project | jenkins | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
| redhat | openshift_container_platform | — | — |