Description

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Remediation

References

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://access.redhat.com/errata/RHSA-2019:1423

Related Vulnerabilities

CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-trino

CVE-2017-1000354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-41929 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-21211 Vulnerability in npm package posix

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry