Lucene search
GoogleOSV:GHSA-7FJR-5HPH-C2MHHistoryMay 13, 2022 - 1:31 a.m.
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-1301:31:35
Google
osv.dev
11
jenkins
blue ocean
cross-site scripting
vulnerability
html
user description
permission
plugin
EPSS
0.001
Percentile
25.8%
A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers with permission to edit a user’s description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
This vulnerability is found in:
- blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java
- blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java
- blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java
- blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java
- blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly
Related
github
github
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-13 01:31:35
osv
osv
CVE-2019-1003013
2019-02-06 16:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-05-16 03:24:19
prion
prion
Cross site scripting
2019-02-06 16:29:00
nvd
nvd
CVE-2019-1003013
2019-02-06 16:29:00
redhatcve
redhatcve
CVE-2019-1003013
2019-02-07 11:51:53
cvelist
cvelist
CVE-2019-1003013
2019-02-06 16:00:00
cve
cve
CVE-2019-1003013
2019-02-06 16:29:00