Stored Cross-Site Scripting Vulnerability in Jenkins ElectricFlow Plugin
CVE-2019-10335

5.4 MEDIUM

Key Information:

Vendor: Jenkins
CVE Published: 11 June 2019

Summary

A stored cross-site scripting vulnerability exists in the Jenkins ElectricFlow Plugin 1.1.5 and prior versions. This security flaw allows attackers with job configuration permissions in Jenkins or control over the ElectricFlow API output to inject arbitrary HTML and JavaScript. Consequently, malicious scripts can execute in users' browsers when they interact with affected build status pages, potentially leading to unauthorized access or data manipulation.

Affected Version(s)

Jenkins ElectricFlow Plugin 1.1.5 and earlier

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
