Vulnerability Description
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Dependency Graph Viewer | <= 0.13 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-CExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2019/07/11/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/109156Broken LinkThird Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177Vendor Advisory
- http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-CExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2019/07/11/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/109156Broken LinkThird Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177Vendor Advisory
FAQ
What is CVE-2019-10349?
CVE-2019-10349 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in th...
How severe is CVE-2019-10349?
CVE-2019-10349 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10349?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Dependency Graph Viewer.