CVE-2019-10349 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Remediation

References

http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html

http://www.openwall.com/lists/oss-security/2019/07/11/4

http://www.securityfocus.com/bid/109156

https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177

Related Vulnerabilities

CVE-2018-16483 Vulnerability in npm package express-cart

CVE-2021-33611 Vulnerability in maven package org.webjars.bowergithub.vaadin:vaadin-menu-bar

CVE-2020-36640 Vulnerability in maven package org.bonitasoft.connectors:bonita-connector-webservice

CVE-2021-23341 Vulnerability in maven package org.webjars.npm:prismjs

CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-java

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N