CVE-2019-16563 – tech.andrey.jenkins:mission-control-view
Package
Manager: maven
Name: tech.andrey.jenkins:mission-control-view
Vulnerable Version: >=0 <=0.9.16
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00233 (percentile: 0.4604)
Details
Cross-site scripting in Jenkins Mission Control Plugin
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.
Metadata
Created: 2022-05-24T17:03:48Z
Modified: 2022-11-01T22:51:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9523-474x-5h36/GHSA-9523-474x-5h36.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9523-474x-5h36
Finding: F425
Auto approve: 1