CVE-2019-10383

Published: 28/08/2019 Updated: 20/09/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, and LTS 2.176.2 and earlier, allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript into update center web pages.

Affected Products

Vendor | Product | Versions
Jenkins | Jenkins | 2.176.2, 2.191

Vendor Advisories

Synopsis: Important: OpenShift Container Platform 4.1.16 jenkins security update | Type/Severity: Security Advisory: Important | Topic: An update for jenkins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Comm ...

Synopsis: Important: OpenShift Container Platform 3.11 jenkins security update | Type/Severity: Security Advisory: Important | Topic: An update for jenkins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Commo ...

Impact: Moderate | Public Date: 2019-08-28 | CWE: CWE-79 | Bugzilla: 1747293: CVE-2019-10383 jenkins: stored ...

Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting vulnerability that is exploitable by administrators and affects other administrators ...

Arch Linux Security Advisory ASA-201908-22 | Severity: Medium | Date: 2019-08-30 | CVE-ID: CVE-2019-10383 CVE-2019-10384 | Package: jenkins | Type: multiple issues | Remote: Yes | Link: security.archlinux.org/AVG-1030 | Summary: The package jenkins before version 2.192-1 is vulnerable to ...

Mailing Lists

Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software. The following releases contain fixes for security vulnerabilities:
* Jenkins weekly 2.192
* Jenkins LTS 2.176.3
* IBM Application Security on Cloud 1.2.5
* Splunk Plugin 1.8.0
Summaries of the vulnerabilities a ...