CVE-2019-1003050

Summary

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.171 and earlier, LTS 2.164.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References