5 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-1003050 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.16)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-1003050 Source advisory: OSV:GHSA-QPG9-83FV-X9CH...
CVE-2019-1003050
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names...
Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
Jenkins < 2.164.2 LTS and < 2.172 Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
CVE-2019-1003050
CVE-2019-1003050 affects Jenkins core UI: the f:validateButton form control did not properly escape job URLs, enabling a cross-site scripting (XSS) vulnerability. Vulnerable in Jenkins versions 2.171 and earlier and Jenkins LTS 2.164.1 and earlier; exploit requires a user with the ability to cont...