CVE-2019-10383 log

Source
Severity Low
Remote Yes
Type Cross-site scripting
Description
Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting vulnerability that is exploitable by administrators and affects other administrators.
Group Package Affected Fixed Severity Status Ticket
AVG-1030 jenkins 2.189-1 2.192-1 Medium Fixed
Date Advisory Group Package Severity Type
30 Aug 2019 ASA-201908-22 AVG-1030 jenkins Medium multiple issues
References
https://jenkins.io/security/advisory/2019-08-28/