Description

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Remediation

References

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://access.redhat.com/errata/RHSA-2019:1423

Related Vulnerabilities

CVE-2020-14445 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.policyeditor.ui

CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy

CVE-2019-10201 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-30843 Vulnerability in npm package payload

CVE-2023-34055 Vulnerability in maven package org.springframework.boot:spring-boot-actuator

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry