PT-2019-11796 · Cloudbees+1 · Jenkins

Matt Sicker

Publicado

2019-09-25

Atualizado

2023-11-02

CVE-2019-10402

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.196 and earlier Jenkins LTS versions 2.176.3 and earlier

Description The issue allows for a stored XSS vulnerability due to the f:combobox form control interpreting its item labels as HTML. This can be exploited by users who have permission to define the contents of the form control.

Recommendations For Jenkins versions 2.196 and earlier, update to a version later than 2.196 to resolve the issue. For Jenkins LTS versions 2.176.3 and earlier, update to a version later than 2.176.3 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-10402

GHSA-Q6Q9-83XW-MP6P

Produtos afetados

Jenkins

PT-2019-11796 · Cloudbees+1 · Jenkins

CVE-2019-10402

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7