3 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10404 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10404 Source advisory: OSV:GHSA-9QGF-4FPF-CMH2...
CVE-2019-10404
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...
CVE-2019-10404
CVE-2019-10404 affects Jenkins core prior to 2.196 (and LTS prior to 2.176.3) where the reason text shown in queue item tooltips isn’t escaped, leading to stored XSS when an actor can influence parts of the blocked-queue reason (e.g., label expressions). Affected versions: Jenkins 2.196 and earli...