CVE-2019-10401

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier

Description The issue concerns a stored XSS vulnerability. It occurs because the f:expandableTextBox form control interprets its content as HTML when expanded. This can be exploited by users who have permission to define its contents, typically those with access to Job/Configure.

Recommendations For Jenkins versions 2.196 and earlier, update to a version later than 2.196 to resolve the issue. For Jenkins LTS versions 2.176.3 and earlier, update to a version later than 2.176.3 to resolve the issue.