Description
A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
http://www.openwall.com/lists/oss-security/2019/07/11/4
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
http://www.securityfocus.com/bid/109156
Related Vulnerabilities
CVE-2011-0534 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-1940 Vulnerability in maven package org.apache.jackrabbit:oak-core
CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-war