CVE-2019-10349 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Remediation

References

http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html

http://www.openwall.com/lists/oss-security/2019/07/11/4

http://www.securityfocus.com/bid/109156

https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177

Related Vulnerabilities

CVE-2022-36917 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

CVE-2019-10757 Vulnerability in maven package org.webjars.npm:knex

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2023-0835 Vulnerability in npm package markdown-pdf

CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N