CVE-2019-10325

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/io.jenkins.plugins/warnings-ng

Identifiers

GHSA-wrr5-p265-7252, CVE-2019-10325

Package Slug

maven/io.jenkins.plugins/warnings-ng

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.

Affected Versions

All versions up to 5.0.0

Solution

Upgrade to version 5.1.0 or above.

Last Modified

2024-01-31

source