CVE-2019-10349

MEDIUM

Jenkins Dependency Graph Viewer < 0.13 - XSS

Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Exploits (1)

exploitdb WRITEUP
by Ishaq Mohammed · text · webapps · java
https://www.exploit-db.com/exploits/47111

Scores

CVSS v3 5.4
EPSS 0.0079
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
jenkins/dependency_graph_viewer < 0.13
org.jenkins-ci.plugins/depgraph-view 0 - 0.14 (Maven)
Published Jul 11, 2019
Tracked Since Feb 18, 2026