CVE-2019-16562

Summary

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins buildgraph-view Pluginunspecified <= 1.8affected
Jenkins projectJenkins buildgraph-view Plugin1.5.2 < unspecifiedaffected
Jenkins projectJenkins buildgraph-view Pluginnext of 1.8 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References