Lucene search
GoogleOSV:GHSA-QPG9-83FV-X9CHHistoryMay 13, 2022 - 1:01 a.m.
Improper Neutralization of Input During Web Page Generation in Jenkins
2022-05-1301:01:01
Google
osv.dev
10
0.001 Low
EPSS
Percentile
35.3%
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
References
www.securityfocus.com/bid/107889
access.redhat.com/errata/RHBA-2019:1605
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/8eb632dda219ec8796420ce58d9564cddf8f8f93
github.com/jenkinsci/jenkins/commit/d393c7e9ba3ec44953ef1f8b11839421e2649ee7
jenkins.io/security/advisory/2019-04-10/#SECURITY-1327
nvd.nist.gov/vuln/detail/CVE-2019-1003050
www.oracle.com/security-alerts/cpuapr2022.html
Related
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-08 00:06:45
redhatcve
redhatcve
CVE-2019-1003050
2020-04-09 10:33:43
prion
prion
Cross site scripting
2019-04-10 21:29:00
cve
cve
CVE-2019-1003050
2019-04-10 21:29:01
nvd
nvd
CVE-2019-1003050
2019-04-10 21:29:01
cvelist
cvelist
CVE-2019-1003050
2019-04-10 20:12:30
alpinelinux
alpinelinux
CVE-2019-1003050
2019-04-10 21:29:01
osv
osv
CVE-2019-1003050
2019-04-10 21:29:01
github
github
Improper Neutralization of Input During Web Page Generation in Jenkins
2022-05-13 01:01:01
nessus
nessus
Jenkins < 2.164.2 LTS / 2.172 Multiple Vulnerabilities
2019-04-18 00:00:00
archlinux
archlinux
[ASA-201904-7] jenkins: multiple issues
2019-04-11 00:00:00
openvas
openvas
Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Linux
2019-04-17 00:00:00
Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Windows
2019-04-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00