Allele Security Alert
ASA-2019-00107, SECURITY-1271, CVE-2019-1003023
Cross-Site Scripting (XSS) vulnerability in Warnings Next Generation Plugin
Jenkins Warnings Next Generation Plugin
Warnings Next Generation Plugin up to and including 1.0.1
Warnings Next Generation Plugin version 2.0.0
Proof of concept
Warnings Next Generation Plugin did not properly escape HTML content in warnings displayed on the Jenkins UI, resulting in a cross-site scripting vulnerability exploitable by users able to control warnings parser input.
Kalle Niemitalo (Procomp Solutions Oy)
Jenkins Security Advisory 2019-01-28
Last modified: March 6, 2019