CVE-2019-10396
MEDIUM 5.4 | EPSS 0.10%
Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
Published: 2022/5/24 | Modified: 2024/2/16
Description
Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view. Dashboard View Plugin now applies the configured markup formatter to the build description, rendering it as it appears elsewhere in Jenkins.
Affected packages (1)
- Maven/org.jenkins-ci.plugins:dashboard-view from 0, < 2.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |