Lucene search
PRIOn knowledge basePRION:CVE-2019-1003013HistoryFeb 06, 2019 - 4:29 p.m.
Cross site scripting
2019-02-0616:29:00
PRIOn knowledge base
www.prio-n.com
6
0.001 Low
EPSS
Percentile
26.0%
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user’s description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| blue_ocean | le | 1.10.1 | |
| openshift_container_platform | eq | 3.11 |
Related
osv
osv
CVE-2019-1003013
2019-02-06 16:29:00
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-13 01:31:35
nvd
nvd
CVE-2019-1003013
2019-02-06 16:29:00
github
github
Cross-site Scripting in Jenkins Blue Ocean Plugin
2022-05-13 01:31:35
veracode
veracode
Cross-site Scripting (XSS)
2019-05-16 03:24:19
cve
cve
CVE-2019-1003013
2019-02-06 16:29:00
redhatcve
redhatcve
CVE-2019-1003013
2019-02-07 11:51:53
cvelist
cvelist
CVE-2019-1003013
2019-02-06 16:00:00