Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin
CVE-2019-1003014

4.8MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Config File Provider Plugin
Vendor
CVE Published:
6 February 2019

Summary

A cross-site scripting vulnerability exists in the Jenkins Config File Provider Plugin versions 3.4.1 and earlier. This issue allows attackers, who possess permissions to define shared configuration files, to execute arbitrary JavaScript code when a user attempts to delete these files. This can lead to unauthorized actions and compromise the integrity of the user session.

Affected Version(s)

Jenkins Config File Provider Plugin 3.4.1 and earlier

References

https://jenkins.io/security/advisory/2019-01-28/#SECURITY...
x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2019:0326
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0327
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.