Show plain JSON{"affected_release": [{"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-node_exporter-0:3.11.82-1.git.1063.48444e8.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-prometheus-0:3.11.82-1.git.5027.9d24833.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "haproxy-0:1.8.17-3.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.150.2.1549032159-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1549642489-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-blueocean: XSS vulnerability via user description in Blue Ocean (SECURITY-1204)", "id": "1670299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670299"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user."], "name": "CVE-2019-1003013", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "jenkins-plugin-blueocean", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-01-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1003013\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003013\nhttps://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204"], "threat_severity": "Moderate", "upstream_fix": "jenkins-plugin-blueocean 1.10.2"}