Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Remediation

References

http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html

http://www.openwall.com/lists/oss-security/2019/07/11/4

http://www.securityfocus.com/bid/109156

https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177

Related Vulnerabilities

CVE-2020-28472 Vulnerability in maven package org.webjars.npm:aws-sdk

CVE-2016-10523 Vulnerability in npm package mqtt-packet

CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli

CVE-2021-37695 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4

CVE-2020-7660 Vulnerability in maven package org.webjars.npm:serialize-javascript

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory VDB Entry Mailing List Broken Link Vendor Advisory