What is CVE-2019-1003013?

CVE-2019-1003013 is a cross-site scripting vulnerability in Jenkins Blue Ocean Plugins 1.10.1 and earlier.

How severe is CVE-2019-1003013?

CVE-2019-1003013 has a severity rating of 5.4, which is considered medium.

What software is affected by CVE-2019-1003013?

Jenkins Blue Ocean Plugins 1.10.1 and earlier as well as Redhat Openshift Container Platform 3.11 are affected by CVE-2019-1003013.

How can I fix CVE-2019-1003013?

To fix CVE-2019-1003013, upgrade to a version of Jenkins Blue Ocean Plugins that is later than 1.10.1.

Where can I find more information about CVE-2019-1003013?

You can find more information about CVE-2019-1003013 at the following references: [1] [2] [3].

Vulnerability/
CVE-2019-1003013

medium

5.4

CWE

6/2/2019

13/5/2022

5/8/2024

CVE-2019-1003013: XSS

First published: Wed Feb 06 2019(Updated: )

A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. This vulnerability is found in: - blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java - blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java - blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java - blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java - blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins Blue Ocean	<=1.10.1
Redhat Openshift Container Platform	=3.11
maven/io.jenkins.blueocean:blueocean	<1.10.2	1.10.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-1003013?
CVE-2019-1003013 is a cross-site scripting vulnerability in Jenkins Blue Ocean Plugins 1.10.1 and earlier.
How severe is CVE-2019-1003013?
CVE-2019-1003013 has a severity rating of 5.4, which is considered medium.
What software is affected by CVE-2019-1003013?
Jenkins Blue Ocean Plugins 1.10.1 and earlier as well as Redhat Openshift Container Platform 3.11 are affected by CVE-2019-1003013.
How can I fix CVE-2019-1003013?
To fix CVE-2019-1003013, upgrade to a version of Jenkins Blue Ocean Plugins that is later than 1.10.1.
Where can I find more information about CVE-2019-1003013?
You can find more information about CVE-2019-1003013 at the following references: [1] [2] [3].

collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-7fjr-5hph-c2mh
alias/CVE-2019-1003013
collector/github-advisory
collector/nvd-cve
agent/author
agent/severity
agent/references
agent/type
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/tags
agent/weakness
collector/mitre-cve
source/MITRE
vendor/jenkins
canonical/jenkins blue ocean
version/jenkins blue ocean/1.10.1
vendor/redhat
canonical/redhat openshift container platform
version/redhat openshift container platform/3.11
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.