CVE-2019-10396 org.jenkins-ci.plugins:dashboard-view

Package

Manager: maven
Name: org.jenkins-ci.plugins:dashboard-view
Vulnerable Version: >=0 <2.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00121 (percentile: 0.31931)

Details

Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view.

Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.

Metadata

Created: 2022-05-24T16:55:59Z
Modified: 2023-03-02T16:40:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fv4q-4h24-23qr/GHSA-fv4q-4h24-23qr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fv4q-4h24-23qr
Finding: F425
Auto approve: 1