CVE-2019-10410

Name of the Vulnerable Software and Affected Versions Jenkins Log Parser Plugin versions 2.0 and earlier

Description The issue is related to a cross-site scripting vulnerability. It occurs because an error message is not properly escaped, allowing exploitation by users who can define log parsing rules. This vulnerability is exploitable by attackers who can control the log parsing rules configuration, typically those with Job/Configure permission. The vulnerability results in a persisted cross-site scripting issue when log parsing patterns are invalid.

Recommendations For Jenkins Log Parser Plugin versions 2.0 and earlier, update to version 2.1 or later, which escapes all variables displayed in its views. As a temporary workaround, consider restricting access to define log parsing rules to minimize the risk of exploitation.