Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin
CVE-2019-1003014
4.8MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 6 February 2019
What is CVE-2019-1003014?
A cross-site scripting vulnerability exists in the Jenkins Config File Provider Plugin versions 3.4.1 and earlier. This issue allows attackers, who possess permissions to define shared configuration files, to execute arbitrary JavaScript code when a user attempts to delete these files. This can lead to unauthorized actions and compromise the integrity of the user session.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Jenkins Config File Provider Plugin 3.4.1 and earlier
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved