CVE-2019-10349 – org.jenkins-ci.plugins:depgraph-view
Package
Manager: maven
Name: org.jenkins-ci.plugins:depgraph-view
Vulnerable Version: >=0 <0.14
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00931 (percentile: 0.75235)
Details
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Metadata
Created: 2022-05-24T16:50:04Z
Modified: 2023-02-01T18:08:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4wj7-rh5h-5qmr/GHSA-4wj7-rh5h-5qmr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4wj7-rh5h-5qmr
Finding: F425
Auto approve: 1