CVE-2019-10325
Description
Persistent XSS vulnerability in Jenkins Warnings NG Plugin allows attackers with Job/Configure permission to inject arbitrary JavaScript via custom parser names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Jenkins Warnings NG Plugin up to version 5.0.0 rendered the name of a custom warnings parser unescaped on Jenkins web pages, leading to a stored cross-site scripting (XSS) vulnerability [1][2].
An attacker with Job/Configure permission could define a custom parser with a name containing malicious HTML and JavaScript. When the parser name is displayed on build overview pages, the injected script executes in the context of the victim's browser [2][3].
This allows the attacker to perform arbitrary actions on behalf of the victim, such as modifying job configurations, accessing sensitive information, or performing other actions within the Jenkins instance with the victim's permissions [2].
The vulnerability is fixed in Warnings NG Plugin version 5.1.0, which properly escapes custom warnings parser names [1][2]. Users should upgrade to version 5.1.0 or later.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.plugins:warnings-ng (Maven) | < 5.1.0 | 5.1.0 |
Affected products
- Range: 5.0.0 and earlier
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-wrr5-p265-7252 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-10325 (GHSA, advisory)
- www.openwall.com/lists/oss-security/2019/05/31/2 (GHSA, mailing list)
- www.securityfocus.com/bid/108540 (GHSA, vulnerability database entry)
- github.com/jenkinsci/warnings-ng-plugin/blob/main/CHANGELOG.md (GHSA, web)
- jenkins.io/security/advisory/2019-05-31/ (GHSA, vendor confirmation)