PT-2019-11790 · Jenkins · Jenkins Dashboard View Plugin
Viktor Gazdag · Published 2019-09-12 · Updated 2023-10-25
CVE-2019-10396
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Dashboard View Plugin versions 2.11 and earlier
Description
Jenkins Dashboard View Plugin does not properly escape build descriptions shown on the Latest Builds View, resulting in a cross-site scripting (XSS) vulnerability. It is exploitable by users who can change the description of builds displayed on that view.
Recommendations
Update the Jenkins Dashboard View Plugin to a version later than 2.11. The fixed plugin applies the configured markup formatter to build descriptions, rendering them as they appear elsewhere in Jenkins, which prevents the cross-site scripting issue.
Fix
XSS
Affected Products
Jenkins
Jenkins Dashboard View Plugin