4 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10405 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10405 Source advisory: OSV:GHSA-47WC-P5CP-W7PW...
CVE-2019-10405
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...
Jenkins < 2.176.4 LTS / 2.197 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.197 or is a version of Jenkins LTS prior to 2.176.4. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the /whoAmI/ URL due to the exposed 'Cookie' HTTP Header. An...
CVE-2019-10405
CVE-2019-10405 affects Jenkins 2.196 and earlier, and LTS 2.176.3 and earlier. The vulnerability causes the server to print the value of the cookie in the /whoAmI/ URL, despite the cookie being marked HttpOnly. This enables an attacker who can exploit another XSS vulnerability to obtain the HTTP ...