GHSA-hg6g-jj7g-x6v2

Source

https://github.com/advisories/GHSA-hg6g-jj7g-x6v2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hg6g-jj7g-x6v2/GHSA-hg6g-jj7g-x6v2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hg6g-jj7g-x6v2

Aliases

CVE-2019-10401

Published

2022-05-24T22:00:43Z

Modified

2024-02-16T08:06:51.927198Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Improper Neutralization of Input During Web Page Generation in Jenkins

Details

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.176.4

Affected versions

1.*

1.396

1.397

1.398

1.399

1.400

1.401

1.403

1.404

1.405

1.406

1.407

1.408

1.409

1.409.1

1.409.2

1.409.3

1.410

1.411

1.412

1.413

1.414

1.415

1.416

1.417

1.418

1.419

1.420

1.421

1.422

1.423

1.424

1.424.1

1.424.2

1.424.3

1.424.4

1.424.5

1.424.6

1.425

1.426

1.427

1.428

1.429

1.430

1.431

1.432

1.433

1.434

1.435

1.436

1.437

1.438

1.439

1.440

1.441

1.442

1.443

1.444

1.445

1.446

1.447

1.447.1

1.447.2

1.448

1.449

1.450

1.451

1.452

1.453

1.454

1.455

1.456

1.457

1.458

1.459

1.460

1.461

1.462

1.463

1.464

1.465

1.466

1.466.1

1.466.2

1.467

1.468

1.469

1.470

1.471

1.472

1.473

1.474

1.475

1.476

1.477

1.478

1.479

1.480

1.480.1

1.480.2

1.480.3

1.481

1.482

1.483

1.484

1.485

1.486

1.487

1.488

1.489

1.490

1.491

1.492

1.493

1.494

1.495

1.496

1.497

1.498

1.499

1.500

1.501

1.502

1.503

1.504

1.505

1.506

1.507

1.508

1.509

1.509.1

1.509.2

1.509.2.JENKINS-8856-diag

1.509.2.JENKINS-14362-jzlib

1.509.3

1.509.3.JENKINS-14362-jzlib

1.509.4

1.510

1.511

1.512

1.513

1.514

1.515

1.516

1.516.JENKINS-14362-jzlib

1.517

1.518

1.518.JENKINS-14362-jzlib

1.519

1.520

1.521

1.522

1.523

1.524

1.525

1.526

1.527

1.528

1.529

1.530

1.531

1.532

1.532.1

1.532.1.JENKINS-19453

1.532.2

1.532.2.JENKINS-21622-diag

1.532.2.JENKINS-22395-diag

1.532.3

1.532.3.JENKINS-22395

1.532.3.JENKINS-22395-2

1.533

1.534

1.535

1.536

1.537

1.538

1.539

1.540

1.541

1.542

1.543

1.544

1.545

1.546

1.547

1.548

1.549

1.550

1.551

1.552

1.553

1.554

1.554.1

1.554.2

1.554.3

1.554.3.JENKINS-18065-ALLRM-all

1.554.3.JENKINS-18065-JENKINS-23945

1.555

1.556

1.557

1.558

1.559

1.560

1.561

1.562

1.563

1.564

1.565

1.565.1

1.565.1.JENKINS-22395-dropLinks

1.565.2

1.565.3

1.566

1.567

1.568

1.569

1.570

1.571

1.572

1.573

1.574

1.575

1.576

1.577

1.578

1.579

1.580

1.580.1

1.580.2

1.580.3

1.581

1.582

1.583

1.584

1.585

1.586

1.587

1.588

1.589

1.590

1.591

1.592

1.593

1.594

1.595

1.596

1.596.1

1.596.2

1.596.3

1.597

1.598

1.599

1.600

1.601

1.602

1.604

1.605

1.606

1.607

1.608

1.609

1.609.1

1.609.2

1.609.3

1.610

1.611

1.612

1.613

1.614

1.615

1.616

1.617

1.618

1.619

1.620

1.621

1.622

1.623

1.624

1.625

1.625.1

1.625.2

1.625.3

1.626

1.627

1.628

1.629

1.630

1.631

1.632

1.633

1.634

1.635

1.636

1.637

1.638

1.639

1.640

1.641

1.642

1.642.1

1.642.2

1.642.3

1.642.4

1.643

1.644

1.645

1.646

1.647

1.648

1.649

1.650

1.651

1.651.1

1.651.2

1.651.3

1.652

1.653

1.654

1.655

1.656

1.657

1.658

2.*

2.0-alpha-1

2.0-alpha-2

2.0-alpha-3

2.0-alpha-4

2.0-beta-1

2.0-beta-2

2.0-rc-1

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.7.1

2.7.2

2.7.3

2.7.4

2.8

2.9

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.19

2.19.1

2.19.2

2.19.3

2.19.4

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.29

2.30

2.31

2.32

2.32.1

2.32.2

2.32.3

2.33

2.34

2.35

2.36

2.37

2.38

2.39

2.40

2.41

2.42

2.43

2.44

2.45

2.46

2.46.1

2.46.2

2.46.3

2.47

2.48

2.49

2.50

2.51

2.52

2.53

2.54

2.55

2.56

2.57

2.58

2.59

2.60

2.60.1

2.60.2

2.60.3

2.61

2.62

2.63

2.64

2.65

2.66

2.67

2.68

2.69

2.70

2.71

2.72

2.73

2.73.1

2.73.2

2.73.3

2.74

2.75

2.76

2.77

2.78

2.79

2.80

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.89.1

2.89.2

2.89.3

2.89.4

2.90

2.91

2.92

2.93

2.94

2.95

2.96

2.97

2.98

2.99

2.100

2.101

2.102

2.103

2.104

2.105

2.106

2.107

2.107.1

2.107.2

2.107.3

2.108

2.109

2.110

2.111

2.112

2.113

2.114

2.115

2.116

2.117

2.118

2.119

2.120

2.121

2.121.1

2.121.2

2.121.3

2.122

2.123

2.124

2.125

2.126

2.127

2.128

2.129

2.130

2.131

2.132

2.133

2.134

2.135

2.136

2.137

2.138

2.138.1

2.138.2

2.138.3

2.138.4

2.140

2.141

2.142

2.143

2.144

2.145

2.146

2.147

2.148

2.149

2.150

2.150.1

2.150.2

2.150.3

2.151

2.152

2.153

2.154

2.155

2.156

2.157

2.158

2.159

2.160

2.161

2.162

2.163

2.164

2.164.1

2.164.2

2.164.3

2.165

2.166

2.167

2.168

2.169

2.170

2.171

2.172

2.173

2.174

2.175

2.176

2.176.1

2.176.2

2.176.3

Database specific

{
    "last_known_affected_version_range": "<= 2.176.3"
}

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.177

Fixed

2.197

Affected versions

2.*

2.177

2.178

2.179

2.180

2.181

2.182

2.183

2.184

2.185

2.186

2.187

2.189

2.190

2.190.1

2.190.2

2.190.3

2.191

2.192

2.193

2.194

2.195

2.196

Database specific

{
    "last_known_affected_version_range": "<= 2.196"
}