CVE-2019-10432
Published 2019-10-01
Medium 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | dingtalk_plugin | — | — |
| jenkins | html_publisher | <= 1.20 | — |
| jenkins | html_publisher_plugin | — | — |
| jenkins | ldap_email_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | sourcegear_vault_plugin | — | — |
| jenkins_project | jenkins_html_publisher_plugin | — | — |