A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Affected Packages

Maven org.jenkins-ci.plugins:depgraph-view

Affected versions: 0 (fixed in 0.14)

Related CVEs

CVE-2019-10349

Key Information

GHSA ID

GHSA-4wj7-rh5h-5qmr

Published

May 24, 2022 4:50 PM

Last Modified

February 1, 2023 6:08 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:depgraph-view

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.