Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mdjRxLTRoMjQtMjNxcs4AAiCB

Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view.

Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.

Permalink: https://github.com/advisories/GHSA-fv4q-4h24-23qr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mdjRxLTRoMjQtMjNxcs4AAiCB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 12 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Percentage: 0.00054
EPSS Percentile: 0.23527

Identifiers: GHSA-fv4q-4h24-23qr, CVE-2019-10396
References: Repository: https://github.com/jenkinsci/dashboard-view-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:dashboard-view
Affected Version Ranges: < 2.12
Fixed in: 2.12