WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter

Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142

Related Vulnerabilities

CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jackson

CVE-2023-50767 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin

CVE-2021-21347 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-3645 Vulnerability in npm package @viking04/merge

CVE-2021-3807 Vulnerability in npm package ansi-regex

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory