1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1271

[JENKINS:SECURITY-1271] XSS vulnerability in Warnings Next Generation Plugin

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

Warnings Next Generation Plugin did not properly escape HTML content in warnings displayed on the Jenkins UI, resulting in a cross-site scripting vulnerability exploitable by users able to control warnings parser input.

Warnings Next Generation Plugin now removes unsafe HTML content from warnings.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/warnings-ng <= 1.0.1
pkg:github/jenkinsci/warnings-ng-plugin <= 1.0.1
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/warnings-ng = 2.0.0
pkg:github/jenkinsci/warnings-ng-plugin = 2.0.0
ID
JENKINS:SECURITY-1271
Severity
medium
Published
2019-01-28T00:00:00
(5 years ago)
Modified
2019-01-28T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository warnings-ng repository https://github.com/jenkinsci/warnings-ng-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/warnings-ng org.jenkins-ci.plugins warnings-ng <= 1.0.1
Fixed pkg:maven/org.jenkins-ci.plugins/warnings-ng org.jenkins-ci.plugins warnings-ng = 2.0.0
Affected pkg:github/jenkinsci/warnings-ng-plugin jenkinsci warnings-ng-plugin <= 1.0.1
Fixed pkg:github/jenkinsci/warnings-ng-plugin jenkinsci warnings-ng-plugin = 2.0.0
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date