CVE-2019-10396
published 2019-09-12CVE-2019-10396: Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aqua_security_serverless_scanner_plugin | — | — |
| jenkins | beaker_builder_plugin | — | — |
| jenkins | build_environment_plugin | — | — |
| jenkins | dashboard_view | <= 2.11 | — |
| jenkins | dashboard_view_plugin | — | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | users_of_git_client_plugin | — | — |
| jenkins_project | jenkins_dashboard_view_plugin | — | — |