Cross-Site Scripting Vulnerability in Jenkins Warnings Next Generation Plugin
CVE-2019-1003023

6.1MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Warnings Next Generation Plugin
Vendor: CVE Published:; 6 February 2019

Summary

A cross-site scripting vulnerability has been identified in the Jenkins Warnings Next Generation Plugin, specifically affecting versions 1.0.1 and earlier. This vulnerability allows attackers, who can manipulate the warnings parser input, to have Jenkins generate arbitrary HTML content. This scenario poses a risk to the integrity of the application and could lead to exploitation, where an attacker may inject malicious scripts that execute in the browsers of users accessing the Jenkins interface.

Affected Version(s)

Jenkins Warnings Next Generation Plugin 1.0.1 and earlier

References

https://jenkins.io/security/advisory/2019-01-28/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 6, 2019