PT-2019-11756 · Jenkins · Jenkins Maven Release Plugin+1
Published: 2019-07-31 · Updated: 2023-10-25 · CVE-2019-10360
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Maven Release Plugin versions 0.14.0 and earlier
Description
A stored cross-site scripting (XSS) issue allows attackers to inject arbitrary HTML and JavaScript into the plugin-provided web pages in Jenkins. Variables on affected views are now escaped.
Recommendations
For Jenkins Maven Release Plugin versions 0.14.0 and earlier, update to a version that escapes variables on affected views to prevent the injection of arbitrary HTML and JavaScript.
Fix
XSS
Affected Products
Jenkins
Jenkins Maven Release Plugin