CVE-2019-10349
Published 2019-07-11
Priority P4 | 34 | medium 5.4 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.89% (88.9th percentile)
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | caliper_ci_plugin | — | — |
| jenkins | dependency_graph_viewer | <= 0.13 | — |
| jenkins | dependency_graph_viewer_plugin | — | — |
| jenkins | docker_plugin | — | — |
| jenkins | embeddable_build_status_plugin | — | — |
| jenkins | gogs_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | port_allocator_plugin | — | — |
| jenkins_project | jenkins_dependency_graph_viewer_plugin | — | — |
CVSS provenance
NVD v3.1: 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
NVD v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N
GHSA
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
ghsa · 2022-05-24 · CVE-2019-10349 [MEDIUM] · CWE-79
OSV
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
osv · 2022-05-24 · CVE-2019-10349 [MEDIUM]
Jenkins
Jenkins Security Advisory 2019-07-11
vendor_jenkins · 2019-07-11 · CVSS 8.8 · CVE-2019-10340 [HIGH]
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Caliper CI Plugin
- Dependency Graph Viewer Plugin
- Docker Plugin
- Embeddable Build Status Plugin
- Gogs Plugin
- mashup-portlets-plugin Plugin
- Port Allocator Plugin
Descrip
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
- http://www.openwall.com/lists/oss-security/2019/07/11/4
- http://www.securityfocus.com/bid/109156
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Published: 2019-07-11