CVE-2019-10383Cross-site Scripting in Jenkins

CWE-79Cross-site Scripting9 documents8 sources
Severity
4.8MEDIUMNVD
EPSS
0.5%
top 32.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
JenkinsJenkins Project JenkinsOracle Communications Cloud Native Core Automated Test Suite+1 more
Timeline
PublishedAug 28
Latest updateAug 11

Description

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

NVDjenkins/jenkins2.176.2+1
CVEListV5jenkins_project/jenkins2.191 and earlier, LTS 2.176.2 and earlier

Also affects: Openshift Container Platform 3.11, 4.1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
Improper Neutralization of Input During Web Page Generation in Jenkins2022-05-24
OSV
Improper Neutralization of Input During Web Page Generation in Jenkins2022-05-24
CVEList
CVE-2019-10383: A stored cross-site scripting vulnerability in Jenkins 22019-08-28

💥Exploits & PoCs

1
Exploit-DB
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)2025-08-11

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2019-08-282019-08-28
Red Hat
jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)2019-08-28

💬Community

2
Bugzilla
CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)2019-08-30
Bugzilla
CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453) [fedora-all]2019-08-30
CVE-2019-10383 — Cross-site Scripting in Jenkins | cvebase