VulnerableCode Package Details - pkg:maven/io.jenkins.blueocean/blueocean@1.10.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bmfa-vgay-2fbt	Cross-Site Request Forgery (CSRF) A data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.	CVE-2019-1003012 GHSA-qxh5-5r5p-5gvf
VCID-gmw4-qd6z-aqht	Cross-site Scripting An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.	CVE-2019-1003013 GHSA-7fjr-5hph-c2mh

Vulnerability

Summary

Aliases

VCID-bmfa-vgay-2fbt

Cross-Site Request Forgery (CSRF) A data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.

CVE-2019-1003012
GHSA-qxh5-5r5p-5gvf

VCID-gmw4-qd6z-aqht

Cross-site Scripting An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.

CVE-2019-1003013
GHSA-7fjr-5hph-c2mh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:01:34.203131+00:00	GHSA Importer	Fixing	VCID-bmfa-vgay-2fbt	https://github.com/advisories/GHSA-qxh5-5r5p-5gvf	38.0.0
2026-04-01T16:01:34.050562+00:00	GHSA Importer	Fixing	VCID-gmw4-qd6z-aqht	https://github.com/advisories/GHSA-7fjr-5hph-c2mh	38.0.0
2026-04-01T13:11:02.701241+00:00	GithubOSV Importer	Fixing	VCID-bmfa-vgay-2fbt	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qxh5-5r5p-5gvf/GHSA-qxh5-5r5p-5gvf.json	38.0.0
2026-04-01T13:10:44.499821+00:00	GithubOSV Importer	Fixing	VCID-gmw4-qd6z-aqht	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fjr-5hph-c2mh/GHSA-7fjr-5hph-c2mh.json	38.0.0