Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal

CVE-2023-45133 Vulnerability in npm package babel-traverse

CVE-2023-47321 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2019-10339 Vulnerability in maven package org.jenkins-ci.plugins:jx-resources

CVE-2023-34616 Vulnerability in maven package com.progsbase.libraries:json

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory