CVE-2019-1003023

2019-02-0616:29:01

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.

CPENameOperatorVersion
warnings-ng-plugineqwarnings-ng-1.0.0-beta6
warnings-ng-plugineqwarnings-ng-1.0.0-beta1
warnings-ng-plugineqwarnings-ng-1.0.0-beta5
warnings-ng-plugineqwarnings-ng-1.0.0-beta8
warnings-ng-plugineqwarnings-ng-1.0.1
warnings-ng-plugineqwarnings-ng-1.0.0
warnings-ng-plugineqwarnings-ng-1.0.0-beta3
warnings-ng-plugineqwarnings-ng-1.0.0-beta7
warnings-ng-plugineqwarnings-ng-1.0.0-beta10
warnings-ng-plugineqwarnings-ng-1.0.0-beta4

Name	Operator	Version
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta6
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta1
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta5
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta8
warnings-ng-plugin	eq	warnings-ng-1.0.1
warnings-ng-plugin	eq	warnings-ng-1.0.0
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta3
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta7
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta10
warnings-ng-plugin	eq	warnings-ng-1.0.0-beta4