PT-2019-11869 · Jenkins · Jenkins Build-Metrics Plugin

Viktor Gazdag · Published 2019-10-23 · Updated 2023-10-25 · CVE-2019-10475

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins build-metrics Plugin (affected versions not specified)

Description: A reflected cross-site scripting issue allows attackers to inject arbitrary HTML and JavaScript into web pages provided by the plugin. The cause is that the label query parameter is not properly escaped before being reflected into the response. There is no information about real-world incidents or the estimated number of potentially affected devices worldwide.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable label query parameter to minimize the risk of exploitation. Avoid using the label parameter in affected API endpoints until the issue is resolved.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-10475
GHSA-F8W9-66FP-3JGW

Affected Products

Jenkins
Jenkins Build-Metrics Plugin