PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin
Jesper Den Boer · Published 2019-03-25 · Updated 2023-10-25
CVE-2019-1003042
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Lockable Resources Plugin versions 2.4 and earlier
Description
A cross-site scripting vulnerability in the plugin lets an attacker who can control lockable resource names inject arbitrary JavaScript into the web pages the plugin renders; the injected script then runs in the browser of users who view those pages.
Recommendations
For Jenkins Lockable Resources Plugin versions 2.4 and earlier, consider updating to a version later than 2.4 to resolve the issue.
As a temporary workaround, consider restricting access to the plugin's functionality, in particular which users can set resource names, to minimize the risk of exploitation.
Fix
XSS
Affected Products
Jenkins
Jenkins Lockable Resources Plugin