Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.

Affected Packages

Maven com.paul8620.jenkins.plugins:pipeline-aggregator-view

Affected versions: 0 (fixed in 1.9)

Related CVEs

CVE-2019-16564

Key Information

GHSA ID

GHSA-jf8x-943c-r4h6

Published

May 24, 2022 5:03 PM

Last Modified

November 3, 2023 7:19 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.paul8620.jenkins.plugins:pipeline-aggregator-view

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.