VulnerableCode Package Details - pkg:maven/io.jenkins.blueocean/blueocean@1.10.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-bmfa-vgay-2fbt Aliases: CVE-2019-1003012 GHSA-qxh5-5r5p-5gvf	Cross-Site Request Forgery (CSRF) A data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.	1.10.2 Affected by 0 other vulnerabilities. 1.11 Affected by 0 other vulnerabilities.
VCID-gmw4-qd6z-aqht Aliases: CVE-2019-1003013 GHSA-7fjr-5hph-c2mh	Cross-site Scripting An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.	1.10.2 Affected by 0 other vulnerabilities. 1.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bmfa-vgay-2fbt
Aliases:
CVE-2019-1003012
GHSA-qxh5-5r5p-5gvf

Cross-Site Request Forgery (CSRF) A data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.

1.10.2
Affected by 0 other vulnerabilities.

1.11
Affected by 0 other vulnerabilities.

VCID-gmw4-qd6z-aqht
Aliases:
CVE-2019-1003013
GHSA-7fjr-5hph-c2mh

Cross-site Scripting An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.

1.10.2
Affected by 0 other vulnerabilities.

1.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:48:17.133679+00:00	GitLab Importer	Affected by	VCID-gmw4-qd6z-aqht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.jenkins.blueocean/blueocean/CVE-2019-1003013.yml	38.0.0
2026-04-01T12:48:17.114158+00:00	GitLab Importer	Affected by	VCID-bmfa-vgay-2fbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.jenkins.blueocean/blueocean/CVE-2019-1003012.yml	38.0.0

2026-04-01T12:48:17.133679+00:00

GitLab Importer

Affected by

VCID-gmw4-qd6z-aqht

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.jenkins.blueocean/blueocean/CVE-2019-1003013.yml

38.0.0

2026-04-01T12:48:17.114158+00:00

GitLab Importer

Affected by

VCID-bmfa-vgay-2fbt

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.jenkins.blueocean/blueocean/CVE-2019-1003012.yml

38.0.0

Next non-vulnerable version	1.10.2
Latest non-vulnerable version	1.27.5.1
Risk	3.3