PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin+1
Jesper Den Boer
Published: 2019-03-25 · Updated: 2023-10-25
CVE-2019-1003042
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Lockable Resources Plugin versions 2.4 and earlier
Description
A cross-site scripting vulnerability allows attackers to inject arbitrary JavaScript code into web pages rendered by the plugin. It can be exploited by a remote attacker who can control resource names.
Recommendations
For Jenkins Lockable Resources Plugin versions 2.4 and earlier, consider updating to a version later than 2.4 to resolve the issue.
As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Lockable Resources Plugin