CVE-2019-16563

Summary

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Mission Control Pluginunspecified <= 0.9.16affected
Jenkins projectJenkins Mission Control Pluginnext of 0.9.16 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References