CVE-2019-10360

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins.m2release/m2release

Identifiers

GHSA-79rm-f26g-296p, CVE-2019-10360

Package Slug

maven/org.jenkins-ci.plugins.m2release/m2release

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Affected Versions

All versions before 0.15.0

Solution

Upgrade to version 0.15.0 or above.

Last Modified

2023-03-06

source