← volver
CVE-2019-10349

CVE-2019-10349

EPSS 3.9%
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Productos afectados
Jenkins project · Jenkins Dependency Graph Viewer Plugin
PoCs públicas encontradas2
cve_referencepacketstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.htmlno verificadoexploitdbwww.exploit-db.com/exploits/47111no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.htmlhttps://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177http://www.openwall.com/lists/oss-security/2019/07/11/4http://www.securityfocus.com/bid/109156