CVE-2019-10335: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 24, 2022 (updated October 26, 2023)

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.

References

www.openwall.com/lists/oss-security/2019/06/11/1
github.com/advisories/GHSA-fx9p-2qvx-pgjv
jenkins.io/security/advisory/2019-06-11/
nvd.nist.gov/vuln/detail/CVE-2019-10335
web.archive.org/web/20200227033720/http://www.securityfocus.com/bid/108747

Detect and mitigate CVE-2019-10335 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →