Allele Security Alert
ASA-2019-00107
Identifier(s)
ASA-2019-00107, SECURITY-1271, CVE-2019-1003023
Title
Cross-Site Scripting (XSS) vulnerability in Warnings Next Generation Plugin
Vendor(s)
Jenkins project
Product(s)
Jenkins Warnings Next Generation Plugin
Affected version(s)
Warnings Next Generation Plugin up to and including 1.0.1
Fixed version(s)
Warnings Next Generation Plugin version 2.0.0
Proof of concept
Unknown
Description
Warnings Next Generation Plugin did not properly escape HTML content in warnings displayed on the Jenkins UI, resulting in a cross-site scripting vulnerability exploitable by users able to control warnings parser input.
Technical details
Unknown
Credits
Kalle Niemitalo (Procomp Solutions Oy)
Reference(s)
Jenkins Security Advisory 2019-01-28
https://jenkins.io/security/advisory/2019-01-28
Jenkins Plugins
https://plugins.jenkins.io/warnings-ng
CVE-2019-1003023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003023
CVE-2019-1003023
https://nvd.nist.gov/vuln/detail/CVE-2019-1003023
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: March 6, 2019