CVE-2019-10325: A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary…

medium5.4CVSS 3.0

AVNACLPRLUIRSCCLILAN

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
jenkins	artifactory_plugin	—	—
jenkins	gitea_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	improper_handling_of_untrusted_branches_in_gitea_plugin	—	—
jenkins	influxdb_plugin	—	—
jenkins	pipeline_maven_integration_plugin	—	—
jenkins	pipeline_remote_loader_plugin	—	—
jenkins	warnings_next_generation	<= 5.0.0	—
jenkins	warnings_plugin	—	—
jenkins_project	jenkins_warnings_ng_plugin	—	—