CVE-2019-1003042

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Lockable Resources Plugin
Vendor: CVE Published:; 28 March 2019

Summary

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Affected Version(s)

Jenkins Lockable Resources Plugin 2.4 and earlier

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/107628

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2019:1423

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Mar 28, 2019