3 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10401 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10401 Source advisory: OSV:GHSA-HG6G-JJ7G-X6V2...
FreeBSD : jenkins -- multiple vulnerabilities (9720bb39-f82a-402f-9fe4-e2c875bdda83)
Jenkins Security Advisory : DescriptionMedium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...
CVE-2019-10401
CVE-2019-10401 corresponds to a stored XSS in Jenkins up to 2.196 and LTS 2.176.3 due to the f:expandableTextBox form control interpreting content as HTML, allowing exploitation by users who can define its contents (e.g., Job/Configure). Connected sources confirm the exact vulnerable component an...