WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter

Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2021-23439 Vulnerability in npm package file-upload-with-preview

CVE-2019-10755 Vulnerability in maven package org.pac4j:pac4j-saml

CVE-2020-28446 Vulnerability in npm package ntesseract

CVE-2020-35213 Vulnerability in maven package io.atomix:atomix

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory