Lucene search
JenkinsCVELIST:CVE-2019-1003013HistoryFeb 06, 2019 - 4:00 p.m.
CVE-2019-1003013
2019-02-0616:00:00
jenkins
www.cve.org
0.001 Low
EPSS
Percentile
26.0%
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user’s description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
CNA Affected
[
{
"product": "Jenkins Blue Ocean Plugins",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.10.1 and earlier"
}
]
}
]Related
osv
osv
CVE-2019-1003013
2019-02-06 16:29:00
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-13 01:31:35
prion
prion
Cross site scripting
2019-02-06 16:29:00
nvd
nvd
CVE-2019-1003013
2019-02-06 16:29:00
github
github
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-13 01:31:35
veracode
veracode
Cross-site Scripting (XSS)
2019-05-16 03:24:19
cve
cve
CVE-2019-1003013
2019-02-06 16:29:00
redhatcve
redhatcve
CVE-2019-1003013
2019-02-07 11:51:53