Key Vulnerability Information

Stored XSS Vulnerability in Update Center
- CVE: SECURITY-1453 / CVE-2019-10383
- Severity: Medium
- Description: Jenkins did not properly escape the update site URL, leading to a stored XSS vulnerability exploitable by administrators.

CSRF Protection Tokens for Anonymous Users
- CVE: SECURITY-1491 / CVE-2019-10384
- Severity: High
- Description: CSRF tokens for anonymous users did not expire, allowing attackers to exploit sessions under certain conditions.

Sandbox Bypass in Splunk Plugin
- CVE: SECURITY-1294 / CVE-2019-10390
- Severity: High
- Affected Plugin: splunk-devops
- Description: Splunk Plugin allowed arbitrary code execution due to a form validation bypass.

IBM AppScan Plugin Plain Text Password Issue
- CVE: SECURITY-1512 / CVE-2019-10391
- Severity: Low
- Affected Plugin: ibm-application-security
- Description: IBM AppScan Plugin transmitted service passwords in plain text, potentially exposing them.

Affected Versions
- Jenkins Weekly: up to and including 2.191
- Jenkins LTS: up to and including 2.176.2
- IBM AppScan Plugin: up to and including 1.2.4
- Splunk Plugin: up to and including 1.7.4

Fix
- Update Jenkins Weekly to version 2.192
- Update Jenkins LTS to version 2.176.3
- Update IBM AppScan Plugin to version 1.2.5
- Update Splunk Plugin to version 1.8.0
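A version check built from the Affected Versions and Fix lists above, as an added example that is not part of the advisory or of Jenkins itself. It compares weekly and LTS cores against separate thresholds, so weekly 2.177 is still reported as affected although it sorts above LTS 2.176.3. The function names, the three-components-means-LTS rule and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed releases and identifiers, taken from the lists above.
FIXED_WEEKLY = (2, 192)
FIXED_LTS = (2, 176, 3)
CORE_IDS = ("CVE-2019-10383", "CVE-2019-10384")
FIXED_PLUGINS = {  # plugin short name -> (first fixed version, identifier)
    "splunk-devops": ((1, 8, 0), "CVE-2019-10390"),
    "ibm-application-security": ((1, 2, 5), "CVE-2019-10391"),
}


def parse_version(text):
    """'2.176.2' -> (2, 176, 2); None for anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def status(version, fixed):
    """Compare a parsed version with the first fixed release."""
    if version is None:
        return "unknown"  # e.g. a -SNAPSHOT build: check by hand, do not assume safe
    padded = version + (0,) * (len(fixed) - len(version))  # '1.8' == 1.8.0
    return "affected" if padded < fixed else "fixed"


def audit(core, plugins):
    """Return (component, version, status, identifiers) for core and listed plugins."""
    v = parse_version(core)
    # Assumption: three components mark an LTS release (2.176.2),
    # two components a weekly release (2.191).
    fixed_core = FIXED_LTS if v is not None and len(v) >= 3 else FIXED_WEEKLY
    rows = [("jenkins-core", core, status(v, fixed_core), CORE_IDS)]
    for name, version in sorted(plugins.items()):
        if name in FIXED_PLUGINS:  # plugins the advisory does not list are skipped
            fixed, ident = FIXED_PLUGINS[name]
            rows.append((name, version, status(parse_version(version), fixed), (ident,)))
    return rows


if __name__ == "__main__":
    # Constructed inventory, not taken from a real controller.
    sample = {"splunk-devops": "1.7.4", "ibm-application-security": "1.2.5", "git": "3.12.0"}
    for row in audit("2.176.2", sample):
        print(*row)
```

Versions that are not plain dotted integers come back as "unknown" rather than "fixed", so a non-release build is never silently treated as patched.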