Vulnerability Details : CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2019-1003042
- cpe:2.3:a:jenkins:lockable_resources:*:*:*:*:*:jenkins:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1003042
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2019-1003042
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
| 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | NIST | |
CWE ids for CVE-2019-1003042
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by:
- jenkinsci-cert@googlegroups.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-1003042
- http://www.openwall.com/lists/oss-security/2019/03/28/2 (oss-security - Re: Multiple vulnerabilities in Jenkins plugins; Mailing List, Third Party Advisory)
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361 (Jenkins Security Advisory 2019-03-25; Vendor Advisory)
- http://www.securityfocus.com/bid/107628 (Multiple Jenkins Plugins Multiple Security Vulnerabilities; Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:1423 (RHSA-2019:1423 - Security Advisory - Red Hat Customer Portal)