Description

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://access.redhat.com/errata/RHSA-2019:1423

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361

Related Vulnerabilities

CVE-2023-27848 Vulnerability in npm package broccoli-compass

CVE-2020-13925 Vulnerability in maven package org.apache.kylin:kylin-server

CVE-2019-17572 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker

CVE-2023-34434 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2019-10337 Vulnerability in maven package org.jenkins-ci.plugins:token-macro

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory