Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin
CVE-2019-1003014
4.8MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 6 February 2019
What is CVE-2019-1003014?
A cross-site scripting vulnerability exists in the Jenkins Config File Provider Plugin versions 3.4.1 and earlier. This issue allows attackers, who possess permissions to define shared configuration files, to execute arbitrary JavaScript code when a user attempts to delete these files. This can lead to unauthorized actions and compromise the integrity of the user session.
Affected Version(s)
Jenkins Config File Provider Plugin 3.4.1 and earlier