PT-2019-14717 · Jenkins · Jenkins Buildgraph-View Plugin

Viktor Gazdag · Published 2019-12-17 · Updated 2023-11-02 · CVE-2019-16562

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins buildgraph-view Plugin versions 1.8 and earlier

Description

The issue results in a stored cross-site scripting vulnerability. It occurs because the plugin does not escape the description of builds shown in its view. This makes it exploitable by users who have the ability to change build descriptions.

Recommendations

For Jenkins buildgraph-view Plugin versions 1.8 and earlier, update to a version later than 1.8 to resolve the issue. As a temporary workaround, consider restricting the ability to change build descriptions to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-16562
GHSA-4J4G-FP93-QVRW

Affected Products

Jenkins
Jenkins Buildgraph-View Plugin