CVE-2019-10432

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins HTML Publisher Plugin versions 1.20 and earlier

Description The issue results from the failure to escape project and build display names in the HTML report frame, leading to a cross-site scripting vulnerability. This vulnerability can be exploited by users who have the ability to change these names.

Recommendations For Jenkins HTML Publisher Plugin versions 1.20 and earlier, update to version 1.21 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-10432

GHSA-Q829-HRMC-84C8

RHSA-2019:4055

RHSA-2019:4089

RHSA-2019:4097

Affected Products

Jenkins

Jenkins Html Publisher Plugin

CVE-2019-10432

Weakness Enumeration

Related Identifiers

Affected Products

References · 11