CVE-2019-10349

Опубликовано: 11 июл. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Ссылки

http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/07/11/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/109156
Broken Link
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Vendor Advisory
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/07/11/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/109156
Broken Link
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:dependency_graph_viewer:*:*:*:*:*:jenkins:*:*

Версия до 0.13 (включая)

EPSS

Процентиль: 73%

0.00791

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4wj7-rh5h-5qmr