CVE-2019-10349: XSS
First published: Thu Jul 11 2019(Updated: )
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:depgraph-view | <=0.13 | 0.14 |
| Jenkins Dependency Graph Viewer | <=0.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
- http://www.openwall.com/lists/oss-security/2019/07/11/4
- http://www.securityfocus.com/bid/109156
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
- https://nvd.nist.gov/vuln/detail/CVE-2019-10349
- https://github.com/jenkinsci/depgraph-view-plugin/commit/288496fd2e6fe922da3b43067e73cfac07a910e8
- https://github.com/advisories/GHSA-4wj7-rh5h-5qmr (Advisory)
- collector/nvd-index
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-4wj7-rh5h-5qmr
- alias/CVE-2019-10349
- collector/github-advisory
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/jenkins
- canonical/jenkins dependency graph viewer
- version/jenkins dependency graph viewer/0.13
- package-manager/maven