Stored XSS Vulnerability in Jenkins Buildgraph-view Plugin by Jenkins
CVE-2019-16562

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Buildgraph-view Plugin
Vendor: CVE Published:; 17 December 2019

What is CVE-2019-16562?

The Buildgraph-view Plugin for Jenkins prior to version 1.8 is susceptible to a stored cross-site scripting (XSS) vulnerability. This issue arises from the failure to adequately escape the build descriptions that are displayed in the user interface. Users with permission to alter these descriptions can introduce malicious scripts, which will then be executed in the context of other users' browsers. This vulnerability poses a risk of unauthorized actions, data theft, or further exploitation by injecting scripts into the application.

Affected Version(s)

Jenkins buildgraph-view Plugin <= 1.8

Jenkins buildgraph-view Plugin 1.5.2

References

https://jenkins.io/security/advisory/2019-12-17/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2019/12/17/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2019
Vulnerability Reserved
Sep 20, 2019

CVE-2019-16562 Data

JSON