CVE-2019-10349
published 2019-07-11

Priority P4 34 | medium 5.4 | CVSS 3.1
AV:N AC:L PR:L UI:R S:C C:L I:L A:N
EXPLOIT
EPSS: 3.89% (88.9th percentile)
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | caliper_ci_plugin | | |
| jenkins | dependency_graph_viewer | <= 0.13 | |
| jenkins | dependency_graph_viewer_plugin | | |
| jenkins | docker_plugin | | |
| jenkins | embeddable_build_status_plugin | | |
| jenkins | gogs_plugin | | |
| jenkins | ids_to_allow_users_configuring_the_plugin | | |
| jenkins | port_allocator_plugin | | |
| jenkins_project | jenkins_dependency_graph_viewer_plugin | | |

CVSS provenance

nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N