CVE-2019-10432 — Vulnetix

CVE-2019-10432 PUBLISHED CVSS 3.5 LOW

Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS 2.0

3.5

EPSS Score

0.16%

37.0th percentile

Affected Products

Vendor	Product	Versions
jenkins	html_publisher	0
Jenkins project	Jenkins HTML Publisher Plugin	*
Maven	org.jenkins-ci.plugins:htmlpublisher	0

Exploit Intelligence

https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590 (circl)
[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins (circl)
RHSA-2019:4097 (circl)
RHSA-2019:4055 (circl)
RHSA-2019:4089 (circl)

Timeline

Oct 1, 2019 CVE Published
Oct 9, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score

References

https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590 url
[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins mailing-list
RHSA-2019:4097 vendor-advisory
RHSA-2019:4055 vendor-advisory
RHSA-2019:4089 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-10432 advisory
https://github.com/jenkinsci/htmlpublisher-plugin/commit/637aad0308f8cdfb24610041fcfe815d5a1a096b url
https://github.com/jenkinsci/htmlpublisher-plugin package
https://github.com/jenkinsci/htmlpublisher-plugin/releases/tag/htmlpublisher-1.21 url

Open in Interactive Console →