Description
A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in Jenkins.
Remediation
References
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
http://www.openwall.com/lists/oss-security/2019/07/11/4
http://www.securityfocus.com/bid/109156
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Related Vulnerabilities
CVE-2020-7691 Vulnerability in maven package org.webjars.bower:jspdf
CVE-2020-7714 Vulnerability in npm package confucious
CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2020-7226 Vulnerability in maven package org.cryptacular:cryptacular
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration