vulnerability

Jenkins Advisory 2019-09-25: CVE-2019-10406: XSS vulnerability in Jenkins URL setting

Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Sep 25, 2019
Added
Oct 8, 2019
Modified
Jul 12, 2022

Description

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

Solution(s)

jenkins-lts-upgrade-2_176_4jenkins-upgrade-2_197
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.