CVE-2019-1003023

Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier

Description: A cross-site scripting issue exists that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. This is due to vulnerabilities in several Java files, including DetailsTableModel.java, SourceDetail.java, SourcePrinter.java, Sanitizer.java, and DuplicateCodeScanner.java.

Recommendations: For Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the warnings parser input to minimize the risk of arbitrary HTML rendering.