What is CVE-2019-10396?

CVE-2019-10396 is a vulnerability in the Jenkins Dashboard View Plugin 2.11 and earlier that allows cross-site scripting (XSS) attacks.

How does CVE-2019-10396 affect me?

If you are using Jenkins Dashboard View Plugin 2.11 or earlier, your system may be vulnerable to cross-site scripting attacks when users are able to change build descriptions.

How severe is CVE-2019-10396?

CVE-2019-10396 has a severity level of medium with a CVSS score of 5.4.

How can I fix CVE-2019-10396?

To fix CVE-2019-10396, you should upgrade your Jenkins Dashboard View Plugin to version 2.12 or later.

Are there any references for CVE-2019-10396?

Yes, you can find more information about CVE-2019-10396 at the following references: [Link 1](http://www.openwall.com/lists/oss-security/2019/09/12/2), [Link 2](https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1489).

Vulnerability/
CVE-2019-10396

medium

5.4

CWE

12/9/2019

24/5/2022

4/8/2024

CVE-2019-10396: XSS

First published: Thu Sep 12 2019(Updated: )

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view. Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins Dashboard View	<=2.11
maven/org.jenkins-ci.plugins:dashboard-view	<2.12	2.12

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10396?
CVE-2019-10396 is a vulnerability in the Jenkins Dashboard View Plugin 2.11 and earlier that allows cross-site scripting (XSS) attacks.
How does CVE-2019-10396 affect me?
If you are using Jenkins Dashboard View Plugin 2.11 or earlier, your system may be vulnerable to cross-site scripting attacks when users are able to change build descriptions.
How severe is CVE-2019-10396?
CVE-2019-10396 has a severity level of medium with a CVSS score of 5.4.
How can I fix CVE-2019-10396?
To fix CVE-2019-10396, you should upgrade your Jenkins Dashboard View Plugin to version 2.12 or later.
Are there any references for CVE-2019-10396?
Yes, you can find more information about CVE-2019-10396 at the following references: [Link 1](http://www.openwall.com/lists/oss-security/2019/09/12/2), [Link 2](https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1489).

collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-fv4q-4h24-23qr
alias/CVE-2019-10396
collector/nvd-cve
collector/github-advisory
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/softwarecombine
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/trending
vendor/jenkins
canonical/jenkins dashboard view
version/jenkins dashboard view/2.11
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.