CVE-2019-10402

Summary

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.196 and earlier, LTS 2.176.3 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References