CVE-2019-10404

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.196 and earlier Jenkins LTS versions 2.176.3 and earlier

Description The issue results from the failure to escape the reason why a queue item is blocked in tooltips, leading to a stored XSS vulnerability. This can be exploited by users who can control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors.

Recommendations For Jenkins versions 2.196 and earlier, update to a version later than 2.196 to resolve the issue. For Jenkins LTS versions 2.176.3 and earlier, update to a version later than 2.176.3 to resolve the issue.