Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03Y2pjLXhwcHIteGo2eM4AAq6P
Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
Permalink: https://github.com/advisories/GHSA-7cjc-xppr-xj6xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Y2pjLXhwcHIteGo2eM4AAq6P
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-7cjc-xppr-xj6x, CVE-2019-10403
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10403
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20(1)
- http://www.openwall.com/lists/oss-security/2019/09/25/3
- https://github.com/advisories/GHSA-7cjc-xppr-xj6x
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.177, <= 2.196, <= 2.176.3Fixed in: 2.197, 2.176.4